Advanced Access Manager - Version 3.2.2

Version Description

  • Improved AAM security reported by James Golovich from Pritect
  • Extended core to allow manage access to AAM features via ConfigPress

Release Info

Developer vasyl_m
Version 3.2.2

Code changes from version 3.2.1 to 3.2.2

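--- a/Application/Backend/Capability.php
+++ b/Application/Backend/Capability.php
@@ -14,6 +14,11 @@
  * @author Vasyl Martyniuk <vasyl@vasyltech.com>
  */
  class AAM_Backend_Capability {
+
+ /**
+ *
+ */
+ const CAPABILITY_OPTION = 'aam.feature.capability.capability';
 
  /**
  * Capability groups
@@ -217,14 +222,17 @@ class AAM_Backend_Capability {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'capability',
- 'position' => 15,
- 'title' => __('Capabilities', AAM_KEY),
- 'subjects' => array(
+ 'uid' => 'capability',
+ 'position' => 15,
+ 'title' => __('Capabilities', AAM_KEY),
+ 'capability' => $cap,
+ 'subjects' => array(
  'AAM_Core_Subject_Role', 'AAM_Core_Subject_User'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 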
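Review bot: `AAM_Backend_Capability` gains `CAPABILITY_OPTION` but, unlike the Contact, Extension, Menu, Metabox and Post classes in this release, no constructor that checks it, so in these hunks the per-feature setting only decides whether the tab is registered in `register()`. Requests that instantiate the class through the `Model.method` dispatcher in View.php would then be covered only by the page-level `aam.page.capability` check, which matters because this class manages capabilities. The class body outside the two hunks is not visible, so confirm it has no constructor already, then add the same guard the sibling classes use. The docblock above the constant is also empty and should read `* ConfigPress settings for feature access`, as in the sibling classes.
```php
class AAM_Backend_Capability {
    // … unchanged: CAPABILITY_OPTION constant …

    public function __construct() {
        $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
        if (!AAM::getUser()->hasCapability($cap)) {
            throw new Exception(__('Access Denied', AAM_KEY));
        }
    }
```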
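--- a/Application/Backend/Contact.php
+++ b/Application/Backend/Contact.php
@@ -15,6 +15,26 @@
  */
  class AAM_Backend_Contact {
 
+ /**
+ * ConfigPress settings for feature access
+ */
+ const CAPABILITY_OPTION = 'aam.feature.contact.capability';
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
+
  /**
  * Get HTML content
  *
@@ -47,7 +67,7 @@ class AAM_Backend_Contact {
  } else {
  $response = json_encode(array(
  'status' => 'failure',
- 'error' => __('License key is missing.', AAM_KEY)
+ 'error' => __('License key is missing.', AAM_KEY)
  ));
  }
 
@@ -62,16 +82,19 @@ class AAM_Backend_Contact {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'contact',
- 'position' => 1000,
- 'title' => __('Contact Us', AAM_KEY),
- 'subjects' => array(
+ 'uid' => 'contact',
+ 'position' => 1000,
+ 'title' => __('Contact Us', AAM_KEY),
+ 'capability' => $cap,
+ 'subjects' => array(
  'AAM_Core_Subject_Role',
  'AAM_Core_Subject_User',
  'AAM_Core_Subject_Visitor'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 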
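Review bot: The exception message in the new constructor is misspelled as `'Accedd Denied'`, while Manager.php in the same release uses `'Access Denied'`. The misspelled string is a different translation key, and View.php returns it as the response of a denied request. The same line appears in the new constructors of Extension.php, Menu.php, Metabox.php, Post.php, Role.php and User.php. Use `throw new Exception(__('Access Denied', AAM_KEY));` in all seven, with a lower-case `throw` for consistency.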
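--- a/Application/Backend/Extension.php
+++ b/Application/Backend/Extension.php
@@ -15,6 +15,26 @@
  */
  class AAM_Backend_Extension {
 
+ /**
+ * ConfigPress settings for feature access
+ */
+ const CAPABILITY_OPTION = 'aam.feature.extension.capability';
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
+
  /**
  * Get HTML content
  *
@@ -154,17 +174,20 @@ class AAM_Backend_Extension {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'extension',
- 'position' => 999,
- 'title' => __('Extensions', AAM_KEY),
+ 'uid' => 'extension',
+ 'position' => 999,
+ 'title' => __('Extensions', AAM_KEY),
+ 'capability' => $cap,
  'notification' => self::getNotification(),
- 'subjects' => array(
+ 'subjects' => array(
  'AAM_Core_Subject_Role',
  'AAM_Core_Subject_User',
  'AAM_Core_Subject_Visitor'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 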
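--- a/Application/Backend/Feature.php
+++ b/Application/Backend/Feature.php
@@ -33,14 +33,12 @@ class AAM_Backend_Feature {
  $response = false;
 
  if (empty($feature->capability)){
- $cap = AAM_Core_ConfigPress::get(
- 'aam.feature.capability', 'administrator'
- );
+ $cap = AAM_Core_ConfigPress::get('aam.page.capability', 'administrator');
  } else {
  $cap = $feature->capability;
  }
 
- if (self::accessGranted($feature->uid, $cap)) {
+ if (AAM::getUser()->hasCapability($cap)) {
  self::$_features[] = $feature;
  $response = true;
  }
@@ -90,27 +88,6 @@ class AAM_Backend_Feature {
  return $response;
  }
 
- /**
- * Check if current user can use feature
- *
- * Make sure that current user has enough capabilities to use feature
- *
- * @param string $feature
- * @param string $cap
- *
- * @return boolean
- *
- * @access protected
- * @static
- */
- protected static function accessGranted($feature, $cap = 'administrator') {
- $capability = AAM_Core_ConfigPress::get(
- "aam.feature.{$feature}.capability", $cap
- );
-
- return current_user_can($capability);
- }
-
  /**
  * Order list of features or subjectes
  *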
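Review bot: With `accessGranted()` removed, a feature that does not set `capability` itself is no longer looked up under `aam.feature.{uid}.capability`; it falls straight through to `aam.page.capability`. That affects anything registered through the `aam-feature-registration` hook, and the old fallback key `aam.feature.capability` is dropped without a migration, so existing ConfigPress entries under either key are silently ignored. The result fails closed to `'administrator'`, but it is an undocumented behaviour change for sites that had delegated a feature to another role. I would keep the per-uid lookup in the empty branch, `$cap = AAM_Core_ConfigPress::get("aam.feature.{$feature->uid}.capability", AAM_Core_ConfigPress::get('aam.page.capability', 'administrator'));`, and note the key rename in the changelog. The check also moves from `current_user_can()` to `AAM::getUser()->hasCapability()`, whose handling of the role name `'administrator'` is not visible here and should be confirmed; the function body starts outside the hunk.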
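--- a/Application/Backend/Manager.php
+++ b/Application/Backend/Manager.php
@@ -328,8 +328,15 @@ class AAM_Backend_Manager {
  */
  public function renderContent() {
  check_ajax_referer('aam_ajax');
+
+ $cap = AAM_Core_ConfigPress::get('aam.page.capability', 'administrator');
 
- echo AAM_Backend_View::getInstance()->renderContent();
+ if (AAM::getUser()->hasCapability($cap)) {
+ echo AAM_Backend_View::getInstance()->renderContent();
+ } else {
+ echo __('Access Denied', AAM_KEY);
+ }
+
  exit();
  }
 
@@ -347,7 +354,14 @@ class AAM_Backend_Manager {
  while (@ob_end_clean()){}
 
  //process ajax request
- echo AAM_Backend_View::getInstance()->processAjax();
+ $cap = AAM_Core_ConfigPress::get('aam.page.capability', 'administrator');
+
+ if (AAM::getUser()->hasCapability($cap)) {
+ echo AAM_Backend_View::getInstance()->processAjax();
+ } else {
+ echo __('Access Denied', AAM_KEY);
+ }
+
  exit();
  }
 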
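Review bot: Both denial branches echo a translated plain-text `Access Denied` and exit with the default 200 status, so a rejected request looks like a success to the AJAX client and in access logs. Other handlers in this release return `json_encode(array('status' => ...))`, so the caller of the second method presumably expects JSON. I would set the status before the message, for example `status_header(403);` ahead of the `echo`, or replace the branch with `wp_die(__('Access Denied', AAM_KEY), '', array('response' => 403));`. The same three-line lookup and check is now duplicated in both methods, and repeated in Feature.php, Role.php and User.php with the literal `'aam.page.capability'`; a single private helper or class constant would keep them from drifting. Both method bodies start outside their hunks.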
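--- a/Application/Backend/Menu.php
+++ b/Application/Backend/Menu.php
@@ -15,6 +15,26 @@
  */
  class AAM_Backend_Menu {
 
+ /**
+ * ConfigPress settings for feature access
+ */
+ const CAPABILITY_OPTION = 'aam.feature.admin_menu.capability';
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
+
  /**
  * Get HTML content
  *
@@ -32,8 +52,11 @@ class AAM_Backend_Menu {
  }
 
  /**
+ * Reset menu settings
  *
- * @return type
+ * @return string
+ *
+ * @access public
  */
  public function reset() {
  $object = AAM_Backend_View::getSubject()->getObject('menu');
@@ -160,8 +183,13 @@ class AAM_Backend_Menu {
  }
 
  /**
+ * Check inheritance status
  *
- * @return type
+ * Check if menu settings are overwritten
+ *
+ * @return boolean
+ *
+ * @access protected
  */
  protected function isOverwritten() {
  $object = AAM_Backend_View::getSubject()->getObject('menu');
@@ -177,14 +205,17 @@ class AAM_Backend_Menu {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'admin_menu',
- 'position' => 5,
- 'title' => __('Backend Menu', AAM_KEY),
- 'subjects' => array(
+ 'uid' => 'admin_menu',
+ 'position' => 5,
+ 'title' => __('Backend Menu', AAM_KEY),
+ 'capability' => $cap,
+ 'subjects' => array(
  'AAM_Core_Subject_Role', 'AAM_Core_Subject_User'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 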
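--- a/Application/Backend/Metabox.php
+++ b/Application/Backend/Metabox.php
@@ -15,6 +15,26 @@
  */
  class AAM_Backend_Metabox {
 
+ /**
+ * ConfigPress settings for feature access
+ */
+ const CAPABILITY_OPTION = 'aam.feature.metabox.capability';
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
+
  /**
  * Get HTML content
  *
@@ -211,16 +231,19 @@ class AAM_Backend_Metabox {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'metabox',
- 'position' => 10,
- 'title' => __('Metaboxes & Widgets', AAM_KEY),
- 'subjects' => array(
+ 'uid' => 'metabox',
+ 'position' => 10,
+ 'title' => __('Metaboxes & Widgets', AAM_KEY),
+ 'capability' => $cap,
+ 'subjects' => array(
  'AAM_Core_Subject_Role',
  'AAM_Core_Subject_User',
  'AAM_Core_Subject_Visitor'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 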
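--- a/Application/Backend/Post.php
+++ b/Application/Backend/Post.php
@@ -14,6 +14,26 @@
  * @author Vasyl Martyniuk <vasyl@vasyltech.com>
  */
  class AAM_Backend_Post {
+
+ /**
+ * ConfigPress settings for feature access
+ */
+ const CAPABILITY_OPTION = 'aam.feature.post.capability';
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
 
  /**
  * Get HTML content
@@ -99,10 +119,9 @@ class AAM_Backend_Post {
  * @access protected
  */
  protected function renderPostBreadcrumb() {
- $post = get_post(AAM_Core_Request::post('id'));
- $terms = wp_get_object_terms(
- $post->ID, get_object_taxonomies($post)
- );
+ $post = get_post(AAM_Core_Request::post('id'));
+ $terms = wp_get_object_terms($post->ID, get_object_taxonomies($post));
+
  $breadcrumb = array();
  foreach ($terms as $term) {
  if (is_taxonomy_hierarchical($term->taxonomy)) {
@@ -162,7 +181,7 @@ class AAM_Backend_Post {
 
  //retrieve all posts
  $posts = get_posts(array(
- 'post_type' => $type, 'category' => 0,
+ 'post_type' => $type, 'category' => 0,
  'numberposts' => -1, 'post_status' => 'any'
  ));
 
@@ -191,9 +210,7 @@ class AAM_Backend_Post {
  protected function retrieveTermList($taxonomy) {
  $response = array();
 
- $terms = get_terms($taxonomy, array(
- 'hide_empty' => false
- ));
+ $terms = get_terms($taxonomy, array('hide_empty' => false));
 
  foreach ($terms as $term) {
  $response[] = array(
@@ -247,10 +264,7 @@ class AAM_Backend_Post {
  $access = $metadata = array();
  }
 
- return json_encode(array(
- 'access' => $access,
- 'meta' => $metadata
- ));
+ return json_encode(array('access' => $access, 'meta' => $metadata));
  }
 
  /**
@@ -283,7 +297,7 @@ class AAM_Backend_Post {
 
  return json_encode(array(
  'status' => ($result ? 'success' : 'failure'),
- 'error' => (empty($error) ? '' : $error)
+ 'error' => (empty($error) ? '' : $error)
  ));
  }
 
@@ -307,9 +321,7 @@ class AAM_Backend_Post {
  $result = false;
  }
 
- return json_encode(
- array('status' => ($result ? 'success' : 'failure'))
- );
+ return json_encode(array('status' => ($result ? 'success' : 'failure')));
  }
 
  /**
@@ -342,16 +354,19 @@ class AAM_Backend_Post {
  * @access public
  */
  public static function register() {
+ $cap = AAM_Core_ConfigPress::get(self::CAPABILITY_OPTION, 'administrator');
+
  AAM_Backend_Feature::registerFeature((object) array(
- 'uid' => 'post',
- 'position' => 20,
- 'title' => __('Posts & Pages', AAM_KEY),
- 'subjects' => array(
+ 'uid' => 'post',
+ 'position' => 20,
+ 'title' => __('Posts & Pages', AAM_KEY),
+ 'capability' => $cap,
+ 'subjects' => array(
  'AAM_Core_Subject_Role',
  'AAM_Core_Subject_User',
  'AAM_Core_Subject_Visitor'
  ),
- 'view' => __CLASS__
+ 'view' => __CLASS__
  ));
  }
 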
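Review bot: In `renderPostBreadcrumb()` the request-supplied `id` goes straight into `get_post()` and the result is dereferenced as `$post->ID` on the next line. `get_post()` returns null for an unknown or malformed id, so a bad request produces a PHP notice and passes null into `get_object_taxonomies()`. The reformatting in this release was a good moment to add a guard such as `$post = get_post(absint(AAM_Core_Request::post('id')));` followed by `if (!$post) { return $breadcrumb; }`, with `$breadcrumb = array();` moved above it. What the method returns for the empty case is outside the hunk, so match that. It is also worth confirming that callers are meant to see taxonomy terms for any post id once they pass the feature capability, since no per-post check is visible here.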
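--- a/Application/Backend/Role.php
+++ b/Application/Backend/Role.php
@@ -14,6 +14,21 @@
  * @author Vasyl Martyniuk <vasyl@vasyltech.com>
  */
  class AAM_Backend_Role {
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get('aam.page.capability', 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
 
  /**
  * Get role list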
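--- a/Application/Backend/User.php
+++ b/Application/Backend/User.php
@@ -14,6 +14,21 @@
  * @author Vasyl Martyniuk <vasyl@vasyltech.com>
  */
  class AAM_Backend_User {
+
+ /**
+ * Constructor
+ *
+ * @return void
+ *
+ * @access public
+ * @throws Exception
+ */
+ public function __construct() {
+ $cap = AAM_Core_ConfigPress::get('aam.page.capability', 'administrator');
+ if (!AAM::getUser()->hasCapability($cap)) {
+ Throw new Exception(__('Accedd Denied', AAM_KEY));
+ }
+ }
 
  /**
  * Retrieve list of users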
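--- a/Application/Backend/View.php
+++ b/Application/Backend/View.php
@@ -57,6 +57,7 @@ class AAM_Backend_View {
  AAM_Backend_Post::register();
  AAM_Backend_Extension::register();
  AAM_Backend_Contact::register();
+
  //feature registration hook
  do_action('aam-feature-registration');
  }
@@ -93,12 +94,11 @@ class AAM_Backend_View {
  if (method_exists($this, $parts[0])) {
  $response = call_user_func(array($this, $parts[0]));
  } elseif (count($parts) == 2) { //cover the Model.method pattern
- $classname = 'AAM_Backend_' . $parts[0];
- if (class_exists($classname)) {
- $object = new $classname;
- if (method_exists($object, $parts[1])) {
- $response = call_user_func(array($object, $parts[1]));
- }
+ try {
+ $classname = 'AAM_Backend_' . $parts[0];
+ $response = call_user_func(array(new $classname, $parts[1]));
+ } catch (Exception $e) {
+ $response = $e->getMessage();
  }
  }
 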
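Review bot: The rewritten `Model.method` branch drops the `class_exists()` and `method_exists()` checks. `new $classname` on a name that does not resolve is then a fatal error, or an `Error` on PHP 7, and neither is caught by `catch (Exception $e)`; an unknown method makes `call_user_func()` emit a warning instead of being ignored. `$parts` is assigned outside the hunk but presumably comes from the request, so this path is reachable with arbitrary values and should keep the existence checks inside the `try`. The dispatcher also reaches every `AAM_Backend_*` class, so classes that did not gain a constructor guard in this release, `AAM_Backend_Capability` for instance, depend entirely on the page-level check in Manager.php. An explicit allowlist of dispatchable classes would make that boundary visible. The enclosing method starts and ends outside the hunk.
```php
} elseif (count($parts) == 2) { //cover the Model.method pattern
    try {
        $classname = 'AAM_Backend_' . $parts[0];
        if (class_exists($classname) && method_exists($classname, $parts[1])) {
            $response = call_user_func(array(new $classname, $parts[1]));
        }
    } catch (Exception $e) {
        $response = $e->getMessage();
    }
```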
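--- a/Application/Backend/view/index.phtml
+++ b/Application/Backend/view/index.phtml
@@ -115,9 +115,7 @@
  <ul class="nav nav-tabs" role="tablist">
  <li role="presentation" class="active"><a href="#roles" aria-controls="roles" role="tab" data-toggle="tab"><i class="icon-users"></i> <?php echo __('Roles', AAM_KEY); ?></a></li>
  <li role="presentation"><a href="#users" aria-controls="users" role="tab" data-toggle="tab"><i class="icon-user"></i> <?php echo __('Users', AAM_KEY); ?></a></li>
- <?php if (current_user_can('edit_users')) { ?>
- <li role="presentation"><a href="#visitor" aria-controls="visitor" role="tab" data-toggle="tab"><i class="icon-user-secret"></i> <?php echo __('Visitor', AAM_KEY); ?></a></li>
- <?php } ?>
+ <li role="presentation"><a href="#visitor" aria-controls="visitor" role="tab" data-toggle="tab"><i class="icon-user-secret"></i> <?php echo __('Visitor', AAM_KEY); ?></a></li>
  </ul>
  <div class="tab-content">
  <div role="tabpanel" class="tab-pane active" id="roles">
@@ -248,14 +246,12 @@
  </div>
 
  </div>
- <?php if (current_user_can('edit_users')) { ?>
- <div role="tabpanel" class="tab-pane" id="visitor">
- <div class="visitor-message">
- <span><?php echo __('Manage access to your website for visitors (any user that is not authenticated)', AAM_KEY); ?>.</span>
- <button class="btn btn-primary btn-block" id="manage-visitor"><i class="icon-cog"></i> <?php echo __('Manage Visitor', AAM_KEY); ?></button>
- </div>
+ <div role="tabpanel" class="tab-pane" id="visitor">
+ <div class="visitor-message">
+ <span><?php echo __('Manage access to your website for visitors (any user that is not authenticated)', AAM_KEY); ?>.</span>
+ <button class="btn btn-primary btn-block" id="manage-visitor"><i class="icon-cog"></i> <?php echo __('Manage Visitor', AAM_KEY); ?></button>
  </div>
- <?php } ?>
+ </div>
  </div>
  </div>
  <div class="aam-help-context">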
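Review bot: Both `<?php if (current_user_can('edit_users')) { ?>` guards around the Visitor tab and its panel are removed, and nothing in the visible hunks of this release replaces them with a check specific to the Visitor subject. After this change every user who passes `aam.page.capability` is offered "Manage Visitor", including roles an operator delegates the page to through ConfigPress. If that is intended, say so in the changelog; if not, keep a gate here and enforce the same condition server-side where the Visitor subject is loaded, since a template check alone only hides the button. A ConfigPress-driven capability would match how the other features are handled in this release.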
Lang/advanced-access-manager-en_US.mo CHANGED
Binary file
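--- a/Lang/advanced-access-manager-en_US.po
+++ b/Lang/advanced-access-manager-en_US.po
@@ -1,19 +1,19 @@
  msgid ""
  msgstr ""
  "Project-Id-Version: AAM\n"
- "POT-Creation-Date: 2016-04-23 16:56-0400\n"
+ "POT-Creation-Date: 2016-06-20 14:11-0400\n"
  "PO-Revision-Date: \n"
- "Last-Translator: \n"
  "Language-Team: WP AAM <vasyl@vasyltech.com>\n"
- "Language: en_US\n"
  "MIME-Version: 1.0\n"
  "Content-Type: text/plain; charset=UTF-8\n"
  "Content-Transfer-Encoding: 8bit\n"
- "X-Generator: Poedit 1.8.7\n"
+ "X-Generator: Poedit 1.8.8\n"
  "Plural-Forms: nplurals=2; plural=(n != 1);\n"
  "X-Poedit-SourceCharset: UTF-8\n"
  "X-Poedit-KeywordsList: __\n"
  "X-Poedit-Basepath: ..\n"
+ "Last-Translator: \n"
+ "Language: en_US\n"
  "X-Poedit-SearchPath-0: .\n"
 
  #: media/js/aam-ui.js:43 media/js/aam-ui.js:1338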
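--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  Plugin Name: Advanced Access Manager
  Description: Manage User and Role Access to WordPress Backend and Frontend.
- Version: 3.2.1
+ Version: 3.2.2
  Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  Author URI: http://www.vasyltech.com
 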
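--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
  === Advanced Access Manager ===
  Contributors: vasyltech
- Tags: access, access manager, role, user, capability, admin, page, post, widget
+ Tags: access, role, user, capability, page, post, permission, security
  Requires at least: 3.8
  Tested up to: 4.5.2
- Stable tag: 3.2.1
+ Stable tag: 3.2.2
 
  One of the best tools in WordPress repository to manage access to your posts,
  pages, categories and backend area for users, roles and visitors.
@@ -45,6 +45,10 @@ out more about the Advanced Access Manager.
 
  == Changelog ==
 
+ = 3.2.2 =
+ * Improved AAM security reported by James Golovich from Pritect
+ * Extended core to allow manage access to AAM features via ConfigPress
+
  = 3.2.1 =
  * Added show_screen_options capability support to control Screen Options Tab
  * Added show_help_tabs capability support to control Help Tabs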