@@ -638,26 +638,7 @@ public function middle_user_capability( $action, $entry, $settings ) {
638638 if ( is_user_logged_in () &&
639639 ( ( $ this options ->get_option ( 'limit_to_admin ' , 'No ' ) === 'Yes ' ) || ( $ this is_current_pdf_owner ( $ entry'logged_in ' ) === false ) )
640640 ) {
641-
642- /* Handle permissions checks */
643- $ admin_permissions$ this options ->get_option ( 'admin_capabilities ' , [ 'gravityforms_view_entries ' ] );
644-
645- /* loop through permissions and check if the current user has any of those capabilities */
646- $ accessfalse ;
647- foreach ( $ admin_permissionsas $ permission
648- if ( $ this gform ->has_capability ( $ permission
649- $ accesstrue ;
650-
651- $ this log ->notice (
652- 'Current logged-in user has appropriate WordPress capability to view PDF ' ,
653- [
654- 'permission ' => $ permission
655- ]
656- );
657-
658- break ;
659- }
660- }
641+ $ access$ this can_user_view_pdf_with_capabilities ();
661642
662643 /* throw error if no access granted */
663644 if ( ! $ access
@@ -669,6 +650,30 @@ public function middle_user_capability( $action, $entry, $settings ) {
669650 return $ action
670651 }
671652
653+ /**
654+ * Check if the logged in user has permission to view the PDF
655+ *
656+ * @param int|null $user_id
657+ *
658+ * @return bool
659+ *
660+ * @since 6.8
661+ */
662+ public function can_user_view_pdf_with_capabilities ( $ user_idnull ) {
663+ $ admin_permissions$ this options ->get_option ( 'admin_capabilities ' , [ 'gravityforms_view_entries ' ] );
664+
665+ /* loop through permissions and check if the current user has any of those capabilities */
666+ $ can_user_view_pdffalse ;
667+ foreach ( $ admin_permissionsas $ permission
668+ if ( $ this gform ->has_capability ( $ permission$ user_id
669+ $ can_user_view_pdftrue ;
670+ break ;
671+ }
672+ }
673+
674+ return $ can_user_view_pdf
675+ }
676+
672677 /**
673678 * Display PDF on Gravity Form entry list page
674679 *
@@ -683,27 +688,33 @@ public function middle_user_capability( $action, $entry, $settings ) {
683688 */
684689 public function view_pdf_entry_list ( $ form_id$ field_id$ value$ entry
685690
691+ /* Only show the PDF metabox if a user has permission to view the documents */
692+ if ( ! $ this can_user_view_pdf_with_capabilities () ) {
693+ return ;
694+ }
695+
686696 $ controller$ this getController ();
687697 $ pdf_list$ this get_pdf_display_list ( $ entry
688698
689- if ( ! empty ( $ pdf_list
699+ if ( empty ( $ pdf_list
700+ return ;
701+ }
690702
691- if ( count ( $ pdf_list1 ) {
692- $ args
693- 'pdfs ' => $ pdf_list
694- 'view ' => strtolower ( $ this options ->get_option ( 'default_action ' ) ),
695- ];
703+ if ( count ( $ pdf_list1 ) {
704+ $ args
705+ 'pdfs ' => $ pdf_list
706+ 'view ' => strtolower ( $ this options ->get_option ( 'default_action ' ) ),
707+ ];
696708
697- $ controllerview ->entry_list_pdf_multiple ( $ args
698- } else {
699- /* Only one PDF for this form so display a simple 'View PDF' link */
700- $ args
701- 'pdf ' => array_shift ( $ pdf_list
702- 'view ' => strtolower ( $ this options ->get_option ( 'default_action ' ) ),
703- ];
709+ $ controllerview ->entry_list_pdf_multiple ( $ args
710+ } else {
711+ /* Only one PDF for this form so display a simple 'View PDF' link */
712+ $ args
713+ 'pdf ' => array_shift ( $ pdf_list
714+ 'view ' => strtolower ( $ this options ->get_option ( 'default_action ' ) ),
715+ ];
704716
705- $ controllerview ->entry_list_pdf_single ( $ args
706- }
717+ $ controllerview ->entry_list_pdf_single ( $ args
707718 }
708719 }
709720
@@ -896,6 +907,77 @@ public function view_pdf_entry_detail( $args ) {
896907 $ controllerview ->entry_detailed_pdf ( $ pdfs
897908 }
898909
910+ /**
911+ * Display the PDF metabox in the Gravity Flow inbox
912+ *
913+ * @param array $form
914+ * @param array $entry
915+ * @param $current_step
916+ * @param $args
917+ *
918+ * @return void
919+ *
920+ * @since 6.8
921+ */
922+ public function view_pdf_gravityflow_inbox ( $ form$ entry$ current_step$ args
923+ /* Only show the PDF metabox if a user has permission to view the documents */
924+ if ( ! $ this can_user_view_pdf_with_capabilities () ) {
925+ return ;
926+ }
927+
928+ $ active_pdfsarray_filter (
929+ $ form'gfpdf_form_settings ' ] ?? [],
930+ function ( $ pdf
931+ return $ pdf'active ' ] === true ;
932+ }
933+ );
934+
935+ /* Only show the metabox if there's an active PDF */
936+ if ( count ( $ active_pdfs0 ) {
937+ return ;
938+ }
939+
940+ ?>
941+ <style type="text/css">
942+ div.gf_entry_wrap #poststuff #gravitypdf-pdf-box-container .inside {
943+ margin: 0;
944+ padding: 0;
945+ max-height: 18rem;
946+ overflow-y: auto;
947+ line-height: 1.4;
948+ font-size: 13px;
949+ }
950+
951+ #gravitypdf-pdf-box-container ul {
952+ margin: 0;
953+ padding: 0;
954+ }
955+
956+ #gravitypdf-pdf-box-container li {
957+ margin-bottom: 0.25rem;
958+ border-bottom: 1px solid #EBEBF2;
959+ padding: 0.5rem 0.75rem;
960+ }
961+
962+ #gravitypdf-pdf-box-container li:last-of-type {
963+ border-bottom: none;
964+ margin-bottom: 0;
965+ }
966+ </style>
967+
968+ <div id="gravitypdf-pdf-box-container" class="postbox">
969+
970+ <h3 class="hndle" style="cursor:default;">
971+ <span><?php esc_html_e ( 'Gravity PDF ' , 'gravity-forms-pdf-extended ' ); ?> </span>
972+ </h3>
973+
974+ <div class="inside">
975+ <?php $ this view_pdf_entry_detail ( [ 'entry ' => $ entry?>
976+ </div>
977+ </div>
978+ <?php
979+ }
980+
899981 /**
900982 * Add the pdf meta box to the entry detail page.
901983 *
@@ -924,7 +1006,13 @@ function( $pdf ) {
9241006 $ meta
9251007 'gfpdf-entry-details-list ' => [
9261008 'title ' => esc_html__ ( 'PDFs ' , 'gravity-forms-pdf-extended ' ),
927- 'callback ' => [ $ this 'view_pdf_entry_detail ' ],
1009+ 'callback ' => function ( $ args
1010+ /* Only show the PDF metabox if a user has permission to view the documents */
1011+ if ( ! $ this can_user_view_pdf_with_capabilities () ) {
1012+ return ;
1013+ }
1014+ $ this view_pdf_entry_detail ( $ args
1015+ },
9281016 'context ' => 'side ' ,
9291017 'callback_args ' => [
9301018 'form ' => $ form
0 commit comments