Advanced Access Manager - Version 4.6.2

Version Description

  • Added ability to logout automatically locked user
  • Updated capability feature to allow set custom capabilities on user level
  • Improved Posts & Pages feature for large number of posts
  • Few minor bug fixed reported by CodePinch

Release Info

Developer vasyl_m
Version 4.6.2

Code changes from version 4.6.1 to 4.6.2

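--- a/Application/Backend/Feature/Capability.php
+++ b/Application/Backend/Feature/Capability.php
@@ -53,21 +53,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
  * @return type
  */
  public function getTable() {
- $response = array('data' => array());
-
- $subject = AAM_Backend_View::getSubject();
- if ($subject instanceof AAM_Core_Subject_Role) {
- $response['data'] = $this->retrieveAllCaps();
- } else {
- foreach ($this->getCapabilityList($subject) as $cap) {
- $response['data'][] = array(
- $cap,
- $this->getGroup($cap),
- $cap,
- $this->prepareActionList($cap)
- );
- }
- }
+ $response = array('data' => $this->retrieveAllCaps());
 
  return json_encode($response);
  }
@@ -89,7 +75,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
 
  if (!isset($allcaps[$updated])) {
  foreach($roles->role_objects as $role) {
- //check if capability is present for current role! Please notice, we
+ //check if capability is present for current role! Please note, we
  //can not use the native WP_Role::has_cap function because it will
  //return false if capability exists but not checked
  if (isset($role->capabilities[$capability])) {
@@ -151,29 +137,6 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
  return 'object/capability.phtml';
  }
 
- /**
- *
- * @param AAM_Core_Subject_User $subject
- * @return type
- */
- protected function getCapabilityList(AAM_Core_Subject_User $subject) {
- $list = array();
-
- //IMPORTANT! Cause it is possible that user is not assigned to any role
- $roles = $subject->roles;
-
- if (is_array($roles)) {
- foreach($roles as $slug) {
- $role = AAM_Core_API::getRoles()->get_role($slug);
- if ($role) {
- $list = array_keys($role->capabilities);
- break;
- }
- }
- }
- return $list;
- }
-
  /**
  *
  * @param type $cap
@@ -271,6 +234,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
  if ($capability) {
  //add the capability to administrator's role as default behavior
  AAM_Core_API::getRoles()->add_cap('administrator', $capability);
+ AAM_Backend_View::getSubject()->addCapability($capability);
  $response = array('status' => 'success');
  } else {
  $response = array('status' => 'failure');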
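Review bot: The `addCapability()` call added at new line 237 discards its result, so the handler still answers `'status' => 'success'` when the subject did not store the capability; `AAM_Core_Subject_User::addCapability()` in this same release returns whatever `updateCapability()` returns. Capture and report it, e.g. `$ok = AAM_Backend_View::getSubject()->addCapability($capability);` followed by `$response = array('status' => $ok ? 'success' : 'failure');`. The subject is now selected by the `subject`/`subjectId` request fields that `media/js/aam-interface.js` sends, so this write should sit behind a check that the acting user may manage that subject. Such a check, if it exists, is outside the hunk, as are the start and end of the method.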
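--- a/Application/Backend/Feature/Post.php
+++ b/Application/Backend/Feature/Post.php
@@ -115,7 +115,7 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
  $record->ID,
  get_edit_post_link($record->ID, 'link'),
  'post',
- $record->post_title,
+ (!empty($record->post_title) ? $record->post_title : 'Reference To: ' . $record->post_name),
  apply_filters('aam-post-row-actions-filter', 'manage,edit', $record)
  );
  } else { //term
@@ -150,37 +150,31 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
  foreach (get_object_taxonomies($type, 'objects') as $tax) {
  if (is_taxonomy_hierarchical($tax->name)) {
  //get all terms that have no parent category
- $list = array_merge($list, $this->retrieveTermList($tax->name));
+ $list = array_merge($list, $this->retrieveTermList($tax->name, $s));
  }
  }
 
  //retrieve all posts
- $list = array_merge(
+ $combined = array_merge(
  $list,
  get_posts(array(
  'post_type' => $type, 'category' => 0, 's' => $s,
- 'numberposts' => -1, 'post_status' => 'any'
+ 'numberposts' => -1, 'post_status' => 'any', 'fields' => 'ids'
  ))
  );
 
- foreach($list as $row) {
- if (isset($row->term_id)) { //this is term
- if (empty($s) || stripos($row->name, $s) !== false) {
- $filtered[] = $row;
- }
- } elseif (isset($row->ID)) { //this is post
- if (empty($s) || stripos($row->post_title, $s) !== false) {
- if (!empty($row->post_title)) {
- $filtered[] = $row;
- }
- }
+ foreach(array_slice($combined, $start, $length) as $row) {
+ if (isset($row['taxonomy'])) { //this is term
+ $filtered[] = get_term($row['id'], $row['taxonomy']);
+ } else { //this is post
+ $filtered[] = get_post($row);
  }
  }
 
  return (object) array(
  'total' => count($list),
- 'filtered' => count($filtered),
- 'records' => array_slice($filtered, $start, $length)
+ 'filtered' => count($combined),
+ 'records' => $filtered
  );
  }
 
@@ -193,12 +187,12 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
  *
  * @access protected
  */
- protected function retrieveTermList($taxonomy) {
+ protected function retrieveTermList($taxonomy, $s = null) {
  $response = array();
+ $args = array('fields' => 'ids', 'hide_empty' => false, 'search' => $s);
 
- foreach (get_terms($taxonomy, array('hide_empty' => false)) as $term) {
- $term->taxonomy = $taxonomy;
- $response[] = $term;
+ foreach (get_terms($taxonomy, $args) as $term) {
+ $response[] = array('taxonomy' => $taxonomy, 'id' => $term);
  }
 
  return $response;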
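Review bot: `'total' => count($list)` at new line 175 now counts terms only, because the posts are merged into `$combined` rather than back into `$list`, while `'filtered'` uses `count($combined)`; the table can therefore report more filtered rows than total rows. Change the line to `'total' => count($combined),`. In the new loop `get_term()` and `get_post()` can return `null` (and `get_term()` a `WP_Error`) for an id that disappeared between the two queries, so only real objects should be pushed into `$filtered`. The method that builds the list begins before the hunk.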
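--- a/Application/Backend/Filter.php
+++ b/Application/Backend/Filter.php
@@ -112,12 +112,11 @@ class AAM_Backend_Filter {
 
  if (is_null($default)) {
  //check if user category is defined
- $default = AAM_Core_Config::get(
- 'default.category.user.' . get_current_user_id(), $default
- );
+ $id = get_current_user_id();
+ $default = AAM_Core_Config::get('default.category.user.' . $id , null);
+ $roles = AAM::getUser()->roles;
 
- if (is_null($default)) {
- $roles = AAM::getUser()->roles;
+ if (is_null($default) && count($roles)) {
  $default = AAM_Core_Config::get(
  'default.category.role.' . array_shift($roles), false
  );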
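Review bot: `count($roles)` on new line 119 assumes `AAM::getUser()->roles` is always an array. The `getCapabilityList()` helper removed in this release guarded what appears to be the same property with `is_array()` because a user may have no role. `count()` on a non-countable value raises a warning on PHP 7.2+ and a `TypeError` on PHP 8, so write the condition as `if (is_null($default) && is_array($roles) && count($roles)) {`. The enclosing method starts and ends outside the hunk.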
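--- a/Application/Backend/View.php
+++ b/Application/Backend/View.php
@@ -101,6 +101,11 @@ class AAM_Backend_View {
  return $content;
  }
 
+ /**
+ *
+ * @param type $post
+ * @return type
+ */
  public function renderPostMetabox($post) {
  ob_start();
  require_once(dirname(__FILE__) . '/phtml/post-metabox.phtml');
@@ -110,6 +115,11 @@ class AAM_Backend_View {
  return $content;
  }
 
+ /**
+ *
+ * @param type $term
+ * @return type
+ */
  public function renderTermMetabox($term) {
  ob_start();
  require_once(dirname(__FILE__) . '/phtml/term-metabox.phtml');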
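Review bot: The docblocks added for `renderPostMetabox()` and `renderTermMetabox()` are generator placeholders: the summary line is empty and both tags use the literal word `type`. Give each a one-line summary and real types, presumably `@param WP_Post $post` / `@param WP_Term $term` and `@return string` for the captured buffer; confirm against the callers, since the method bodies continue outside the hunks. It is also worth documenting that the template is pulled in with `require_once`, so a second call in the same request would include nothing.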
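--- a/Application/Backend/phtml/extension.phtml
+++ b/Application/Backend/phtml/extension.phtml
@@ -39,7 +39,7 @@
  <tr class="aam-highligh-row">
  <td colspan="2">Do not know which extension to choose? <b>Please do not hesitate to <a href="mailto:support@aamplugin.com">send us a message to support@aamplugin.com</a></b>. We speak English, Russian, Ukrainian and Polish. Any other language is acceptable, however we might have some lost in translation.</td>
  </tr>
- <?php } else { ?>
+ <?php } ?>
  <tr>
  <td>
  <span class='aam-setting-title'><?php echo $product['title'], (!empty($product['new']) ? ' <span class="badge">NEW</span> ' : ''), (!empty($product['version']) ? ' <small class="text-muted">v' . $product['version'] . '</small>' : ''), ' - ' . ($product['price'] . ' <small>' . $product['currency'] . '</small>'); ?></span>
@@ -60,7 +60,6 @@
  <?php } ?>
  </td>
  </tr>
- <?php } ?>
  <?php } ?>
  </tbody>
  </table>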
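Review bot: The `echo` on new line 45 prints `$product['title']`, `$product['version']`, `$product['price']` and `$product['currency']` into the page without escaping. Where `$product` comes from is not visible here; if the list is loaded from a remote catalogue or a stored option, wrap each value in `esc_html()`, e.g. `esc_html($product['title'])`. The loop and the `if` that these braces close start outside the hunks.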
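--- a/Application/Backend/phtml/object/capability.phtml
+++ b/Application/Backend/phtml/object/capability.phtml
@@ -1,15 +1,6 @@
  <?php if (defined('AAM_KEY')) { ?>
  <div class="aam-feature" id="capability-content">
  <?php $subject = AAM_Backend_View::getSubject(); ?>
- <?php if ($subject->getUID() == 'user') { ?>
- <div class="row">
- <div class="col-xs-12">
- <p class="aam-info">
- <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('You are not allowed to assign or create a new capability that does not belong to [%s] role. You may consider to creating a new role with desired list of capabilities and assign user to it.', 'strong'), implode(' , ', $this->getUserRoles($subject->roles))); ?>
- </p>
- </div>
- </div>
- <?php } ?>
  <div class="aam-feature-top-actions text-right">
  <div class="btn-group">
  <a href="#" class="btn btn-xs btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" id="capability-filter">
@@ -23,9 +14,7 @@
  <li><a href="#" data-clear="true"><?php echo __('All Capabilities', AAM_KEY); ?></a></li>
  </ul>
  </div>
- <?php if ($subject->getUID() != 'user') { ?>
- <a href="#" class="btn btn-xs btn-primary" id="add-capability"><i class="icon-plus"></i> <?php echo __('Create', AAM_KEY); ?></a>
- <?php } ?>
+ <a href="#" class="btn btn-xs btn-primary" id="add-capability"><i class="icon-plus"></i> <?php echo __('Create', AAM_KEY); ?></a>
  </div>
 
  <table id="capability-list" class="table table-striped table-bordered">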
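--- a/Application/Core/Subject/Role.php
+++ b/Application/Core/Subject/Role.php
@@ -112,7 +112,7 @@ class AAM_Core_Subject_Role extends AAM_Core_Subject {
  * @access public
  */
  public function addCapability($capability) {
- $this->getSubject()->add_cap($capability, 1);
+ $this->getSubject()->add_cap($capability, true);
 
  return true;
  }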
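--- a/Application/Core/Subject/User.php
+++ b/Application/Core/Subject/User.php
@@ -24,7 +24,7 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
  * AAM Capability Key
  *
  * It is very important to have all user capability changes be stored in
- * seperate options from the wp_capabilities usermeta cause if AAM is not
+ * separate options from the wp_capabilities usermeta cause if AAM is not
  * active as a plugin, it reverts back to the default WordPress settings
  */
  const AAM_CAPKEY = 'aam_capability';
@@ -127,17 +127,7 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
  * @access public
  */
  public function addCapability($capability) {
- //check if user is capable to have this capability
- $map = call_user_func_array(
- 'map_meta_cap', array($capability, $this->getSubject()->ID)
- );
- if (!in_array('do_not_allow', $map)) {
- $response = $this->updateCapability($capability, true);
- } else {
- $response = false;
- }
-
- return $response;
+ return $this->updateCapability($capability, true);
  }
 
  /**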
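Review bot: `addCapability()` at new line 130 now stores whatever capability name it is given, because the `map_meta_cap()` / `do_not_allow` guard is removed with nothing in its place. If that is the intent behind allowing custom capabilities on user level, the method should say that authorization and validation of `$capability` are the caller's job, for example `// No map_meta_cap() guard: the caller must authorize the request and validate $capability`. Whether the AJAX handler that reaches this method restricts which users may be edited is not visible in this section and is worth confirming.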
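--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  Plugin Name: Advanced Access Manager
  Description: Manage website access for any user, role or visitors
- Version: 4.6.1
+ Version: 4.6.2
  Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  Author URI: https://www.vasyltech.com
 
@@ -47,13 +47,15 @@ class AAM {
  * @access protected
  */
  protected function __construct() {
+ $uid = get_current_user_id();
+
  //initialize the user subject
- if (get_current_user_id()) {
- $this->setUser(new AAM_Core_Subject_User(get_current_user_id()));
+ if ($uid) {
+ $this->setUser(new AAM_Core_Subject_User($uid));
  } else {
  $this->setUser(new AAM_Core_Subject_Visitor(''));
  }
-
+
  //load AAM core config
  AAM_Core_Config::bootstrap();
  }
@@ -119,6 +121,11 @@ class AAM {
  //load all installed extension
  //TODO - Remove in Aug 2017
  AAM_Extension_Repository::getInstance()->load();
+
+ //check if user is locked
+ if (get_current_user_id() && AAM::getUser()->user_status == 1) {
+ wp_logout();
+ }
 
  //bootstrap the correct interface
  if (is_admin()) {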
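Review bot: The lock check at new lines 126-128 calls `wp_logout()` and then falls through to the interface bootstrap, so the rest of this request may still run with the locked account as the current user and with the AAM user subject created in the constructor. `wp_logout()` ends the session and clears the auth cookies; on the WordPress versions this release is tested against it probably does not reset the current user, so follow it with `wp_set_current_user(0);` and swap the AAM subject for the visitor one, or redirect and stop. The enclosing method starts and ends outside the hunk, so the hook this runs on, and whether headers can still be sent for the cookie clear, should be confirmed.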
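--- a/media/js/aam-interface.js
+++ b/media/js/aam-interface.js
@@ -148,8 +148,6 @@
  $('i.icon-spin4', container).attr(
  'class', 'aam-row-action icon-cog text-muted'
  );
- //Show add capability that may be hidden after manager user
- $('#add-capability').show();
  } else {
  $.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
  }
@@ -598,8 +596,6 @@
  $('i.icon-cog', container).attr('class', 'aam-row-action icon-spin4 animate-spin');
  aam.fetchContent();
  $('i.icon-spin4', container).attr('class', 'aam-row-action icon-cog text-muted');
- //make sure that there is no way user add's new capability
- $('#add-capability').hide();
  } else {
  $.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
  }
@@ -1175,7 +1171,9 @@
  action: 'aam',
  sub_action: 'Capability.add',
  _ajax_nonce: aamLocal.nonce,
- capability: capability
+ capability: capability,
+ subject: aam.getSubject().type,
+ subjectId: aam.getSubject().id
  },
  beforeSend: function () {
  $(_this).text(aam.__('Saving...')).attr('disabled', true);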
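--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: vasyltech
  Tags: access, role, user, capability, page access, post access, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin, 404, activity tracking
  Requires at least: 3.8
  Tested up to: 4.7.3
- Stable tag: 4.6.1
+ Stable tag: 4.6.2
 
  Manage access to your website for any user, role or visitors for both frontend and backend.
 
@@ -110,6 +110,12 @@ Check our [help page](https://aamplugin.com/help) to find out more about AAM.
 
  == Changelog ==
 
+ = 4.6.2 =
+ * Added ability to logout automatically locked user
+ * Updated capability feature to allow set custom capabilities on user level
+ * Improved Posts & Pages feature for large number of posts
+ * Few minor bug fixed reported by CodePinch
+
  = 4.6.1 =
  * Fixed bug with user capabilities
  * Fixed bug with post access settings not being checked even when they are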