Advanced Access Manager - Version 4.6.2

Version Description

Added ability to logout automatically locked user
Updated capability feature to allow set custom capabilities on user level
Improved Posts & Pages feature for large number of posts
Few minor bug fixed reported by CodePinch

Release Info

Developer	vasyl_m
Plugin	Advanced Access Manager
Version	4.6.2
Comparing to
See all releases

Code changes from version 4.6.1 to 4.6.2

Files changed (11) hide show

Application/Backend/Feature/Capability.php +3 -39
Application/Backend/Feature/Post.php +15 -21
Application/Backend/Filter.php +4 -5
Application/Backend/View.php +10 -0
Application/Backend/phtml/extension.phtml +1 -2
Application/Backend/phtml/object/capability.phtml +1 -12
Application/Core/Subject/Role.php +1 -1
Application/Core/Subject/User.php +2 -12
aam.php +11 -4
media/js/aam-interface.js +3 -5
readme.txt +7 -1

Application/Backend/Feature/Capability.php CHANGED Viewed

	@@ -53,21 +53,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
53	* @return type
54	*/
55	public function getTable() {
56	- $response = array('data' => ~~array~~());
57	-
58	- $subject = AAM_Backend_View::getSubject();
59	- if ($subject instanceof AAM_Core_Subject_Role) {
60	- $response['data'] = $this->retrieveAllCaps();
61	- } else {
62	- foreach ($this->getCapabilityList($subject) as $cap) {
63	- $response['data'][] = array(
64	- $cap,
65	- $this->getGroup($cap),
66	- $cap,
67	- $this->prepareActionList($cap)
68	- );
69	- }
70	- }
71
72	return json_encode($response);
73	}
	@@ -89,7 +75,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
89
90	if (!isset($allcaps[$updated])) {
91	foreach($roles->role_objects as $role) {
92	- //check if capability is present for current role! Please ~~notice~~, we
93	//can not use the native WP_Role::has_cap function because it will
94	//return false if capability exists but not checked
95	if (isset($role->capabilities[$capability])) {
	@@ -151,29 +137,6 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
151	return 'object/capability.phtml';
152	}
153
154	- /**
155	- *
156	- * @param AAM_Core_Subject_User $subject
157	- * @return type
158	- */
159	- protected function getCapabilityList(AAM_Core_Subject_User $subject) {
160	- $list = array();
161	-
162	- //IMPORTANT! Cause it is possible that user is not assigned to any role
163	- $roles = $subject->roles;
164	-
165	- if (is_array($roles)) {
166	- foreach($roles as $slug) {
167	- $role = AAM_Core_API::getRoles()->get_role($slug);
168	- if ($role) {
169	- $list = array_keys($role->capabilities);
170	- break;
171	- }
172	- }
173	- }
174	- return $list;
175	- }
176	-
177	/**
178	*
179	* @param type $cap
	@@ -271,6 +234,7 @@ class AAM_Backend_Feature_Capability extends AAM_Backend_Feature_Abstract {
271	if ($capability) {
272	//add the capability to administrator's role as default behavior
273	AAM_Core_API::getRoles()->add_cap('administrator', $capability);

274	$response = array('status' => 'success');
275	} else {
276	$response = array('status' => 'failure');


53	* @return type
54	*/
55	public function getTable() {
56	+ $response = array('data' => $this->retrieveAllCaps());














57
58	return json_encode($response);
59	}

75
76	if (!isset($allcaps[$updated])) {
77	foreach($roles->role_objects as $role) {
78	+ //check if capability is present for current role! Please note, we
79	//can not use the native WP_Role::has_cap function because it will
80	//return false if capability exists but not checked
81	if (isset($role->capabilities[$capability])) {

137	return 'object/capability.phtml';
138	}
139























140	/**
141	*
142	* @param type $cap

234	if ($capability) {
235	//add the capability to administrator's role as default behavior
236	AAM_Core_API::getRoles()->add_cap('administrator', $capability);
237	+ AAM_Backend_View::getSubject()->addCapability($capability);
238	$response = array('status' => 'success');
239	} else {
240	$response = array('status' => 'failure');

Application/Backend/Feature/Post.php CHANGED Viewed

	@@ -115,7 +115,7 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
115	$record->ID,
116	get_edit_post_link($record->ID, 'link'),
117	'post',
118	- $record->post_title,
119	apply_filters('aam-post-row-actions-filter', 'manage,edit', $record)
120	);
121	} else { //term
	@@ -150,37 +150,31 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
150	foreach (get_object_taxonomies($type, 'objects') as $tax) {
151	if (is_taxonomy_hierarchical($tax->name)) {
152	//get all terms that have no parent category
153	- $list = array_merge($list, $this->retrieveTermList($tax->name));
154	}
155	}
156
157	//retrieve all posts
158	- $~~list~~ = array_merge(
159	$list,
160	get_posts(array(
161	'post_type' => $type, 'category' => 0, 's' => $s,
162	- 'numberposts' => -1, 'post_status' => 'any'
163	))
164	);
165
166	- foreach($~~list~~ as $row) {
167	- if (isset($row~~->term_id~~)) { //this is term
168	- ~~if (empty(~~$s) \|\| ~~stripos~~($row~~->name~~, $s) ~~!== false) {~~
169	- ~~$filtered[]~~ = ~~$row;~~
170	- }
171	- } elseif (isset($row->ID)) { //this is post
172	- if (empty($s) \|\| stripos($row->post_title, $s) !== false) {
173	- if (!empty($row->post_title)) {
174	- $filtered[] = $row;
175	- }
176	- }
177	}
178	}
179
180	return (object) array(
181	'total' => count($list),
182	- 'filtered' => count($~~filtered~~),
183	- 'records' => ~~array_slice(~~$filtered~~, $start, $length)~~
184	);
185	}
186
	@@ -193,12 +187,12 @@ class AAM_Backend_Feature_Post extends AAM_Backend_Feature_Abstract {
193	*
194	* @access protected
195	*/
196	- protected function retrieveTermList($taxonomy) {
197	$response = array();

198
199	- foreach (get_terms($taxonomy, ~~array('hide_empty' => false~~)) as $term) {
200	- $~~term->taxonomy~~ = $taxonomy;
201	- $response[] = $term;
202	}
203
204	return $response;


115	$record->ID,
116	get_edit_post_link($record->ID, 'link'),
117	'post',
118	+ (!empty($record->post_title) ? $record->post_title : 'Reference To: ' . $record->post_name),
119	apply_filters('aam-post-row-actions-filter', 'manage,edit', $record)
120	);
121	} else { //term

150	foreach (get_object_taxonomies($type, 'objects') as $tax) {
151	if (is_taxonomy_hierarchical($tax->name)) {
152	//get all terms that have no parent category
153	+ $list = array_merge($list, $this->retrieveTermList($tax->name, $s));
154	}
155	}
156
157	//retrieve all posts
158	+ $combined = array_merge(
159	$list,
160	get_posts(array(
161	'post_type' => $type, 'category' => 0, 's' => $s,
162	+ 'numberposts' => -1, 'post_status' => 'any', 'fields' => 'ids'
163	))
164	);
165
166	+ foreach(array_slice($combined, $start, $length) as $row) {
167	+ if (isset($row['taxonomy'])) { //this is term
168	+ $filtered[] = get_term($row['id'], $row['taxonomy']);
169	+ } else { //this is post
170	+ $filtered[] = get_post($row);






171	}
172	}
173
174	return (object) array(
175	'total' => count($list),
176	+ 'filtered' => count($combined),
177	+ 'records' => $filtered
178	);
179	}
180

187	*
188	* @access protected
189	*/
190	+ protected function retrieveTermList($taxonomy, $s = null) {
191	$response = array();
192	+ $args = array('fields' => 'ids', 'hide_empty' => false, 'search' => $s);
193
194	+ foreach (get_terms($taxonomy, $args) as $term) {
195	+ $response[] = array('taxonomy' => $taxonomy, 'id' => $term);

196	}
197
198	return $response;

Application/Backend/Filter.php CHANGED Viewed

	@@ -112,12 +112,11 @@ class AAM_Backend_Filter {
112
113	if (is_null($default)) {
114	//check if user category is defined
115	- $~~default~~ = ~~AAM_Core_Config::get~~(
116	- 'default.category.user.' . ~~get_current_user_id()~~, ~~$default~~
117	- );
118
119	- if (is_null($default)) {
120	- $roles = AAM::getUser()->roles;
121	$default = AAM_Core_Config::get(
122	'default.category.role.' . array_shift($roles), false
123	);


112
113	if (is_null($default)) {
114	//check if user category is defined
115	+ $id = get_current_user_id();
116	+ $default = AAM_Core_Config::get('default.category.user.' . $id , null);
117	+ $roles = AAM::getUser()->roles;
118
119	+ if (is_null($default) && count($roles)) {

120	$default = AAM_Core_Config::get(
121	'default.category.role.' . array_shift($roles), false
122	);

Application/Backend/View.php CHANGED Viewed

	@@ -101,6 +101,11 @@ class AAM_Backend_View {
101	return $content;
102	}
103





104	public function renderPostMetabox($post) {
105	ob_start();
106	require_once(dirname(__FILE__) . '/phtml/post-metabox.phtml');
	@@ -110,6 +115,11 @@ class AAM_Backend_View {
110	return $content;
111	}
112





113	public function renderTermMetabox($term) {
114	ob_start();
115	require_once(dirname(__FILE__) . '/phtml/term-metabox.phtml');


101	return $content;
102	}
103
104	+ /**
105	+ *
106	+ * @param type $post
107	+ * @return type
108	+ */
109	public function renderPostMetabox($post) {
110	ob_start();
111	require_once(dirname(__FILE__) . '/phtml/post-metabox.phtml');

115	return $content;
116	}
117
118	+ /**
119	+ *
120	+ * @param type $term
121	+ * @return type
122	+ */
123	public function renderTermMetabox($term) {
124	ob_start();
125	require_once(dirname(__FILE__) . '/phtml/term-metabox.phtml');

Application/Backend/phtml/extension.phtml CHANGED Viewed

	@@ -39,7 +39,7 @@
39	<tr class="aam-highligh-row">
40	<td colspan="2">Do not know which extension to choose? <b>Please do not hesitate to <a href="mailto:support@aamplugin.com">send us a message to support@aamplugin.com</a></b>. We speak English, Russian, Ukrainian and Polish. Any other language is acceptable, however we might have some lost in translation.</td>
41	</tr>
42	- <?php } ~~else {~~ ?>
43	<tr>
44	<td>
45	<span class='aam-setting-title'><?php echo $product['title'], (!empty($product['new']) ? ' <span class="badge">NEW</span> ' : ''), (!empty($product['version']) ? ' <small class="text-muted">v' . $product['version'] . '</small>' : ''), ' - ' . ($product['price'] . ' <small>' . $product['currency'] . '</small>'); ?></span>
	@@ -60,7 +60,6 @@
60	<?php } ?>
61	</td>
62	</tr>
63	- <?php } ?>
64	<?php } ?>
65	</tbody>
66	</table>


39	<tr class="aam-highligh-row">
40	<td colspan="2">Do not know which extension to choose? <b>Please do not hesitate to <a href="mailto:support@aamplugin.com">send us a message to support@aamplugin.com</a></b>. We speak English, Russian, Ukrainian and Polish. Any other language is acceptable, however we might have some lost in translation.</td>
41	</tr>
42	+ <?php } ?>
43	<tr>
44	<td>
45	<span class='aam-setting-title'><?php echo $product['title'], (!empty($product['new']) ? ' <span class="badge">NEW</span> ' : ''), (!empty($product['version']) ? ' <small class="text-muted">v' . $product['version'] . '</small>' : ''), ' - ' . ($product['price'] . ' <small>' . $product['currency'] . '</small>'); ?></span>

60	<?php } ?>
61	</td>
62	</tr>

63	<?php } ?>
64	</tbody>
65	</table>

Application/Backend/phtml/object/capability.phtml CHANGED Viewed

	@@ -1,15 +1,6 @@
1	<?php if (defined('AAM_KEY')) { ?>
2	<div class="aam-feature" id="capability-content">
3	<?php $subject = AAM_Backend_View::getSubject(); ?>
4	- <?php if ($subject->getUID() == 'user') { ?>
5	- <div class="row">
6	- <div class="col-xs-12">
7	- <p class="aam-info">
8	- <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('You are not allowed to assign or create a new capability that does not belong to [%s] role. You may consider to creating a new role with desired list of capabilities and assign user to it.', 'strong'), implode(' , ', $this->getUserRoles($subject->roles))); ?>
9	- </p>
10	- </div>
11	- </div>
12	- <?php } ?>
13	<div class="aam-feature-top-actions text-right">
14	<div class="btn-group">
15	<a href="#" class="btn btn-xs btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" id="capability-filter">
	@@ -23,9 +14,7 @@
23	<li><a href="#" data-clear="true"><?php echo __('All Capabilities', AAM_KEY); ?></a></li>
24	</ul>
25	</div>
26	- <?php if (~~$subject->getUID() !=~~ '~~user~~') ~~{ ?>~~
27	- <a href="#" class="btn btn-xs btn-primary" id="add-capability"><i class="icon-plus"></i> <?php echo __('Create', AAM_KEY); ?></a>
28	- <?php } ?>
29	</div>
30
31	<table id="capability-list" class="table table-striped table-bordered">


1	<?php if (defined('AAM_KEY')) { ?>
2	<div class="aam-feature" id="capability-content">
3	<?php $subject = AAM_Backend_View::getSubject(); ?>









4	<div class="aam-feature-top-actions text-right">
5	<div class="btn-group">
6	<a href="#" class="btn btn-xs btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" id="capability-filter">

14	<li><a href="#" data-clear="true"><?php echo __('All Capabilities', AAM_KEY); ?></a></li>
15	</ul>
16	</div>
17	+ <a href="#" class="btn btn-xs btn-primary" id="add-capability"><i class="icon-plus"></i> <?php echo __('Create', AAM_KEY); ?></a>


18	</div>
19
20	<table id="capability-list" class="table table-striped table-bordered">

Application/Core/Subject/Role.php CHANGED Viewed

	@@ -112,7 +112,7 @@ class AAM_Core_Subject_Role extends AAM_Core_Subject {
112	* @access public
113	*/
114	public function addCapability($capability) {
115	- $this->getSubject()->add_cap($capability, 1);
116
117	return true;
118	}


112	* @access public
113	*/
114	public function addCapability($capability) {
115	+ $this->getSubject()->add_cap($capability, true);
116
117	return true;
118	}

Application/Core/Subject/User.php CHANGED Viewed

	@@ -24,7 +24,7 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
24	* AAM Capability Key
25	*
26	* It is very important to have all user capability changes be stored in
27	- * ~~seperate~~ options from the wp_capabilities usermeta cause if AAM is not
28	* active as a plugin, it reverts back to the default WordPress settings
29	*/
30	const AAM_CAPKEY = 'aam_capability';
	@@ -127,17 +127,7 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
127	* @access public
128	*/
129	public function addCapability($capability) {
130	- ~~//check~~ ~~if user is capable to have~~ this ~~capability~~
131	- $map = call_user_func_array(
132	- 'map_meta_cap', array($capability, $this->getSubject()->ID)
133	- );
134	- if (!in_array('do_not_allow', $map)) {
135	- $response = $this->updateCapability($capability, true);
136	- } else {
137	- $response = false;
138	- }
139	-
140	- return $response;
141	}
142
143	/**


24	* AAM Capability Key
25	*
26	* It is very important to have all user capability changes be stored in
27	+ * separate options from the wp_capabilities usermeta cause if AAM is not
28	* active as a plugin, it reverts back to the default WordPress settings
29	*/
30	const AAM_CAPKEY = 'aam_capability';

127	* @access public
128	*/
129	public function addCapability($capability) {
130	+ return $this->updateCapability($capability, true);










131	}
132
133	/**

aam.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	/**
4	Plugin Name: Advanced Access Manager
5	Description: Manage website access for any user, role or visitors
6	- Version: 4.6.1
7	Author: Vasyl Martyniuk <vasyl@vasyltech.com>
8	Author URI: https://www.vasyltech.com
9
	@@ -47,13 +47,15 @@ class AAM {
47	* @access protected
48	*/
49	protected function __construct() {


50	//initialize the user subject
51	- if (~~get_current_user_id(~~)) {
52	- $this->setUser(new AAM_Core_Subject_User(~~get_current_user_id(~~)));
53	} else {
54	$this->setUser(new AAM_Core_Subject_Visitor(''));
55	}
56	-
57	//load AAM core config
58	AAM_Core_Config::bootstrap();
59	}
	@@ -119,6 +121,11 @@ class AAM {
119	//load all installed extension
120	//TODO - Remove in Aug 2017
121	AAM_Extension_Repository::getInstance()->load();





122
123	//bootstrap the correct interface
124	if (is_admin()) {


3	/**
4	Plugin Name: Advanced Access Manager
5	Description: Manage website access for any user, role or visitors
6	+ Version: 4.6.2
7	Author: Vasyl Martyniuk <vasyl@vasyltech.com>
8	Author URI: https://www.vasyltech.com
9

47	* @access protected
48	*/
49	protected function __construct() {
50	+ $uid = get_current_user_id();
51	+
52	//initialize the user subject
53	+ if ($uid) {
54	+ $this->setUser(new AAM_Core_Subject_User($uid));
55	} else {
56	$this->setUser(new AAM_Core_Subject_Visitor(''));
57	}
58	+
59	//load AAM core config
60	AAM_Core_Config::bootstrap();
61	}

121	//load all installed extension
122	//TODO - Remove in Aug 2017
123	AAM_Extension_Repository::getInstance()->load();
124	+
125	+ //check if user is locked
126	+ if (get_current_user_id() && AAM::getUser()->user_status == 1) {
127	+ wp_logout();
128	+ }
129
130	//bootstrap the correct interface
131	if (is_admin()) {

media/js/aam-interface.js CHANGED Viewed

	@@ -148,8 +148,6 @@
148	$('i.icon-spin4', container).attr(
149	'class', 'aam-row-action icon-cog text-muted'
150	);
151	- //Show add capability that may be hidden after manager user
152	- $('#add-capability').show();
153	} else {
154	$.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
155	}
	@@ -598,8 +596,6 @@
598	$('i.icon-cog', container).attr('class', 'aam-row-action icon-spin4 animate-spin');
599	aam.fetchContent();
600	$('i.icon-spin4', container).attr('class', 'aam-row-action icon-cog text-muted');
601	- //make sure that there is no way user add's new capability
602	- $('#add-capability').hide();
603	} else {
604	$.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
605	}
	@@ -1175,7 +1171,9 @@
1175	action: 'aam',
1176	sub_action: 'Capability.add',
1177	_ajax_nonce: aamLocal.nonce,
1178	- capability: capability


1179	},
1180	beforeSend: function () {
1181	$(_this).text(aam.__('Saving...')).attr('disabled', true);


148	$('i.icon-spin4', container).attr(
149	'class', 'aam-row-action icon-cog text-muted'
150	);


151	} else {
152	$.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
153	}

596	$('i.icon-cog', container).attr('class', 'aam-row-action icon-spin4 animate-spin');
597	aam.fetchContent();
598	$('i.icon-spin4', container).attr('class', 'aam-row-action icon-cog text-muted');


599	} else {
600	$.aam.loadAccessForm($('#load-post-object-type').val(), $('#load-post-object').val(), $(this));
601	}

1171	action: 'aam',
1172	sub_action: 'Capability.add',
1173	_ajax_nonce: aamLocal.nonce,
1174	+ capability: capability,
1175	+ subject: aam.getSubject().type,
1176	+ subjectId: aam.getSubject().id
1177	},
1178	beforeSend: function () {
1179	$(_this).text(aam.__('Saving...')).attr('disabled', true);

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: vasyltech
3	Tags: access, role, user, capability, page access, post access, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin, 404, activity tracking
4	Requires at least: 3.8
5	Tested up to: 4.7.3
6	- Stable tag: 4.6.1
7
8	Manage access to your website for any user, role or visitors for both frontend and backend.
9
	@@ -110,6 +110,12 @@ Check our [help page](https://aamplugin.com/help) to find out more about AAM.
110
111	== Changelog ==
112






113	= 4.6.1 =
114	* Fixed bug with user capabilities
115	* Fixed bug with post access settings not being checked even when they are


3	Tags: access, role, user, capability, page access, post access, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin, 404, activity tracking
4	Requires at least: 3.8
5	Tested up to: 4.7.3
6	+ Stable tag: 4.6.2
7
8	Manage access to your website for any user, role or visitors for both frontend and backend.
9

110
111	== Changelog ==
112
113	+ = 4.6.2 =
114	+ * Added ability to logout automatically locked user
115	+ * Updated capability feature to allow set custom capabilities on user level
116	+ * Improved Posts & Pages feature for large number of posts
117	+ * Few minor bug fixed reported by CodePinch
118	+
119	= 4.6.1 =
120	* Fixed bug with user capabilities
121	* Fixed bug with post access settings not being checked even when they are