This commit is contained in:
2026-07-02 15:54:39 -06:00
commit 9883323161
17470 changed files with 4470592 additions and 0 deletions
@@ -0,0 +1,96 @@
<?php
/**
* Media Library Access Control module.
*
* @package ASENHA
* @since 8.2.4
*/
namespace ASENHA\Classes;
// Exit if accessed directly.
if ( !defined( 'ABSPATH' ) ) {
exit;
}
/**
* Restrict Media Library/media modal attachment listings to the current user's uploads.
*
* Notes:
* - Restricts only attachment *listing* queries in wp-admin (Media Library list view and media modal/grid queries).
* - Does not affect frontend rendering, and does not block direct access to attachment URLs.
*/
class Media_Files_Visibility_Control {
/**
* Filter attachment query args for media modal / media grid.
*
* @param array $query_args WP_Query args for attachments.
* @return array
*/
public function filter_attachments_grid( $query_args ) {
if ( !is_admin() ) {
return $query_args;
}
if ( !$this->should_restrict_current_user() ) {
return $query_args;
}
$query_args['author'] = get_current_user_id();
return $query_args;
}
/**
* Restrict attachment list view in Media Library (`upload.php` list mode).
*
* @param \WP_Query $query Query instance.
* @return void
*/
public function filter_attachments_list( $query ) {
if ( !is_admin() ) {
return;
}
if ( !$query instanceof \WP_Query ) {
return;
}
if ( !$query->is_main_query() ) {
return;
}
// Only affect Media Library list screen.
global $pagenow;
if ( 'upload.php' !== $pagenow ) {
return;
}
$post_type = $query->get( 'post_type' );
if ( 'attachment' !== $post_type && (!is_array( $post_type ) || !in_array( 'attachment', $post_type, true )) ) {
return;
}
if ( !$this->should_restrict_current_user() ) {
return;
}
$query->set( 'author', get_current_user_id() );
}
/**
* Determine whether the current user should be restricted to seeing only their own uploads.
*
* @return bool
*/
private function should_restrict_current_user() {
if ( !is_user_logged_in() ) {
return false;
}
// Administrators (and multisite super admins) can always see all media.
if ( current_user_can( 'manage_options' ) ) {
return false;
}
if ( is_multisite() && is_super_admin() ) {
return false;
}
// Only apply when the user can upload files (i.e., they are a relevant role for media).
if ( !current_user_can( 'upload_files' ) ) {
return false;
}
// Free behavior: restrict all non-admin upload-capable users.
$should_restrict = true;
return (bool) $should_restrict;
}
}