|false */ public static function getUserAllowedForms($userId = false) { if (!$userId) { $userId = get_current_user_id(); } if ($userId && self::hasSpecificFormsPermission($userId)) { $formIds = get_user_meta($userId, '_fluent_forms_allowed_forms', true); if (is_array($formIds)) { return array_filter(array_map('intval', $formIds)); } } return false; } /** * Return the effective form scope for the current user's permissions. * * - `false`: the user is unrestricted * - `[]`: the user is restricted to specific forms but none are assigned * - `[ids...]`: the user is restricted to the listed forms * * Use this helper for ACL-sensitive queries so zero assigned forms produce * an empty result set instead of falling back to unrestricted access. * * @param string|int|false $userId Optional. Current user is used when omitted. * @return array|false */ public static function getUserAllowedFormsScope($userId = false) { if (!$userId) { $userId = get_current_user_id(); } if (!$userId || !self::hasSpecificFormsPermission($userId)) { return false; } $formIds = self::getUserAllowedForms($userId); return is_array($formIds) ? array_values($formIds) : []; } public static function hasFormPermission($formId) { // Use the scoped helper here so "specific forms" managers with zero // assignments do not accidentally pass this permission check. if ($formId && false !== ($allowedForm = self::getUserAllowedFormsScope())) { $formIds = self::normalizeFormIds($formId); if (!$formIds) { return false; } return !array_diff($formIds, $allowedForm); } return true; } }