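ID ), (array) wp_get_current_user()->roles ) ) ) { // Current user is not allowed to manage contributors. $disabled = 'disabled'; } // Required CSS and JS. wp_enqueue_style( 'atmat-select2-css' ); wp_enqueue_script( 'atmat-select2-js' ); wp_enqueue_script( 'atmat-backend-js' ); wp_localize_script( 'atmat-backend-js', 'atmatBackend', array() ); $author_ids = array_filter( array_map( 'absint', (array) get_post_meta( $post->ID, 'atmat_authors', true ) ) ); $json_ids = array(); foreach ( $author_ids as $author_id ) { $author = get_user_by( 'id', $author_id ); if ( is_object( $author ) ) { $json_ids[ $author_id ] = esc_html( $author->display_name ) . ' (#' . absint( $author->ID ) . ' – ' . esc_html( $author->user_email ) . ')'; } } do_action( 'atmat_metabox_multiauthor_before', $author_ids, $post ); ?> /> 'all', 'orderby' => 'display_name', 'search' => '*' . $term . '*', 'search_columns' => array( 'ID', 'display_name', 'user_email' ), 'role__in' => get_contributors_role_in(), ) ) ); $contributors = $contributors_query->get_results(); if ( ! empty( $contributors ) ) { foreach ( $contributors as $contributor ) { if ( ! in_array( $contributor->ID, $exclude ) ) { $found_contributors[ $contributor->ID ] = $contributor->display_name . ' (#' . $contributor->ID . ' – ' . sanitize_email( $contributor->user_email ) . ')'; } } } $found_contributors = apply_filters( 'atmat_found_contributors', $found_contributors ); wp_send_json( $found_contributors ); }

	/**
	 * Save metabox Contributors data.
	 *
	 * Three gates run before anything is written: nonce verification, a role
	 * check on the current user, and validation of every submitted contributor
	 * ID. Only IDs that resolve to an existing user holding one of the roles
	 * returned by get_contributors_role_in() are stored in the 'atmat_authors'
	 * post meta. When the request passes the first two gates but carries no
	 * valid ID, an empty list is stored.
	 *
	 * @param int $post_id id of the post.
	 * @return void
	 */
	public function save_metabox_multiauthor( $post_id ) {
		// Security pass 1 - Nonce verification.
		// WordPress adds slashes to $_POST, so unslash before sanitizing.
		if ( ! isset( $_POST['atmat-nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['atmat-nonce'] ) ), 'atmat_save_settings' ) ) {
			return;
		}

		// Security pass 2 - Check if current user is allowed to manage contributors or not.
		// NOTE(review): this is a role check only; no per-post capability check
		// (e.g. current_user_can( 'edit_post', $post_id )) is visible here.
		// Confirm the hook this method is attached to enforces it beforehand.
		if ( ! count( array_intersect( get_allowed_roles( $post_id ), (array) wp_get_current_user()->roles ) ) ) {
			// Current user is not allowed to manage contributors.
			return;
		}

		$authors = array();

		if ( ! empty( $_POST['atmat-authors'] ) ) {
			$role_in      = get_contributors_role_in( $post_id );
			$post_authors = explode( ',', sanitize_text_field( wp_unslash( $_POST['atmat-authors'] ) ) );

			// Security pass 3 - Validate contributors ID.
			foreach ( $post_authors as $contributor_id ) {
				$contributor_id = (int) $contributor_id;

				// Non-numeric or negative input can never be a user ID, and a
				// repeated ID would only duplicate an entry in the stored list.
				if ( $contributor_id <= 0 || in_array( $contributor_id, $authors, true ) ) {
					continue;
				}

				$contributor = get_userdata( $contributor_id );

				// get_userdata() returns false for an unknown ID; skip it
				// instead of reading ->roles on a non-object.
				if ( ! is_object( $contributor ) ) {
					continue;
				}

				if ( count( array_intersect( $role_in, (array) $contributor->roles ) ) ) {
					$authors[] = $contributor_id;
				}
			}
		}

		update_post_meta( $post_id, 'atmat_authors', $authors );
	}
}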