Version Description
- Fixed bug with post LIST & LIST TO OTHERS when access is set to term in odd order
- Fixed bug that potentially did not filter posts during search
- Added notification to the UI that extension folder does not exist or is not writable
- Added XML-RPC endpoint control
- Added ability to filter list of users by roles on the Users/Roles Manager panel
Release Info
Developer | vasyl_m |
Plugin | Advanced Access Manager |
Version | 5.3.5 |
Code changes from version 5.3.4 to 5.3.5
- Application/Api/Rest/Resource/Post.php +3 -1
- Application/Backend/Feature/Extension/Manager.php +15 -0
- Application/Backend/Feature/Main/Post.php +0 -24
- Application/Backend/Feature/Main/Route.php +10 -0
- Application/Backend/Feature/Subject/User.php +5 -0
- Application/Backend/phtml/index.phtml +35 -0
- Application/Backend/phtml/main/menu.phtml +2 -2
- Application/Backend/phtml/main/metabox.phtml +1 -1
- Application/Backend/phtml/main/route.phtml +1 -1
- Application/Core/API.php +18 -24
- Application/Core/Contract/Api.php +0 -18
- Application/Core/Contract/Object.php +0 -18
- Application/Core/Contract/Subject.php +0 -18
- Application/Core/Gateway.php +9 -158
- Application/Core/Object.php +1 -1
- Application/Core/Object/Capability.php +40 -6
- Application/Core/Object/LoginRedirect.php +4 -1
- Application/Core/Object/Menu.php +26 -0
- Application/Core/Object/Metabox.php +29 -1
- Application/Core/Object/Post.php +58 -7
- Application/Core/Object/Visibility.php +14 -11
- Application/Core/Subject.php +1 -1
- Application/Extension/List.php +2 -2
- Application/Extension/Repository.php +12 -6
- Application/Frontend/Authorization.php +1 -1
- Application/Shared/Manager.php +34 -5
- aam.php +1 -1
- media/css/aam.css +11 -2
- media/js/aam.js +92 -10
- readme.txt +8 -1
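--- a/Application/Api/Rest/Resource/Post.php
+++ b/Application/Api/Rest/Resource/Post.php
@@ -156,7 +156,9 @@ class AAM_Api_Rest_Resource_Post {
 if ($expire) {
 $date = strtotime($post->get('api.expire_datetime'));
 if ($date <= time()) {
-$actions = AAM_Core_Config::get(
+$actions = AAM_Core_Config::get(
+'feature.api.postAccess.expired', 'api.read'
+);
 
 foreach(array_map('trim', explode(',', $actions)) as $action) {
 $post->set($action, 1);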
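--- a/Application/Backend/Feature/Extension/Manager.php
+++ b/Application/Backend/Feature/Extension/Manager.php
@@ -139,6 +139,21 @@ class AAM_Backend_Feature_Extension_Manager extends AAM_Backend_Feature_Abstract
 return json_encode(array('status' => 'success'));
 }
 
+/**
+*
+* @return type
+*/
+public function fixDirectoryIssue() {
+$dirname = AAM_Extension_Repository::getInstance()->getBasedir();
+if (file_exists($dirname) === false) {
+@mkdir($dirname, fileperms( ABSPATH ) & 0777 | 0755, true);
+}
+
+return json_encode(array(
+'status' => (AAM_Extension_Repository::getInstance()->isWriteableDirectory() ? 'success' : 'failed')
+));
+}
+
 /**
 *
 * @param type $type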
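Review bot: The `mkdir()` call in `fixDirectoryIssue()` takes its mode from the web root (`fileperms( ABSPATH ) & 0777 | 0755`), so the new directory is 0755 or wider, and on a host where ABSPATH is group- or world-writable the directory meant to hold AAM extension code inherits those write bits. A fixed mode is the safer default: `mkdir($dirname, 0755, true)`. The `@` also discards the failure reason, so the response can only say `'failed'`; dropping the suppression or logging `error_get_last()` would help whoever has to fix the host. No capability or nonce check is visible in this hunk; presumably the AJAX dispatcher enforces one, which is worth confirming since the method writes to the filesystem.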
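--- a/Application/Backend/Feature/Main/Post.php
+++ b/Application/Backend/Feature/Main/Post.php
@@ -348,30 +348,6 @@ class AAM_Backend_Feature_Main_Post extends AAM_Backend_Feature_Abstract {
 return json_encode($response);
 }
 
-/**
-*
-* @return type
-*/
-public function autocomplete() {
-$res = array();
-$list = get_posts(array(
-'post_type' => AAM_Core_Request::post('type'),
-'category' => 0,
-'s' => AAM_Core_Request::post('s'),
-'numberposts' => 10,
-'post_status' => 'any',
-'fields' => 'all'
-));
-
-if (count($list)) {
-foreach($list as $post) {
-$res[] = "{$post->ID}|{$post->post_title}";
-}
-}
-
-return json_encode($res);
-}
-
 /**
 * Get Post or Term access
 *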
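--- a/Application/Backend/Feature/Main/Route.php
+++ b/Application/Backend/Feature/Main/Route.php
@@ -75,6 +75,16 @@ class AAM_Backend_Feature_Main_Route extends AAM_Backend_Feature_Abstract {
 }
 }
 
+// Build XML RPC routes
+foreach(array_keys(AAM_Core_API::getXMLRPCServer()->methods) as $route) {
+$response[] = array(
+'xmlrpc',
+'POST',
+htmlspecialchars($route),
+$object->has('xmlrpc', $route) ? 'checked' : 'unchecked'
+);
+}
+
 return $response;
 }
 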
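--- a/Application/Backend/Feature/Subject/User.php
+++ b/Application/Backend/Feature/Subject/User.php
@@ -93,6 +93,7 @@ class AAM_Backend_Feature_Subject_User {
 */
 public function query() {
 $search = trim(AAM_Core_Request::request('search.value'));
+$role = trim(AAM_Core_Request::request('role'));
 
 $args = array(
 'blog_id' => get_current_blog_id(),
@@ -106,6 +107,10 @@ class AAM_Backend_Feature_Subject_User {
 'orderby' => 'user_nicename',
 'order' => 'ASC'
 );
+
+if (!empty($role)) {
+$args['role__in'] = $role;
+}
 
 return new WP_User_Query($args);
 }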
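Review bot: The new `role` request value reaches the user query unvalidated: `trim()` is applied to whatever `AAM_Core_Request::request('role')` returns and the result is assigned to `role__in` as a bare string, while WP_User_Query documents that argument as an array. If the parameter can arrive as an array (`role[]=...`), `trim()` raises a warning or a TypeError depending on the PHP version. I would read it with `$role = AAM_Core_Request::request('role');` and only filter on a string that names a registered role: `if (is_string($role) && wp_roles()->is_role(trim($role))) { $args['role__in'] = array(trim($role)); }`. The part of `query()` between the two hunks is not shown.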
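--- a/Application/Backend/phtml/index.phtml
+++ b/Application/Backend/phtml/index.phtml
@@ -80,6 +80,41 @@
 </div>
 </div>
 
+<?php if (AAM_Extension_Repository::getInstance()->isWriteableDirectory() === false) { ?>
+<?php $relativePath = AAM_Extension_Repository::getInstance()->getBasedir(true); ?>
+<div class="metabox-holder extensions-metabox" id='extension-dir-warning' style="display:none;">
+<div class="postbox">
+<h3 class="hndle warning">
+<span><?php echo __('Warning', AAM_KEY); ?></span>
+</h3>
+<div class="inside">
+<div class="aam-postbox-inside text-center">
+<p class='alert alert-warning text-larger highlighted-italic'>
+<?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('All AAM extension should be located in [%s] directory however it either does not exist or is not writable.', 'b'), $relativePath); ?>
+</p>
+<a href="#" class="btn btn-sm btn-success btn-block" id='fix-extension-dir-issue'><i class="icon-wrench"></i> <?php echo __('Click To Fix The Issue', AAM_KEY); ?></a>
+</div>
+</div>
+</div>
+</div>
+<div class="modal fade" id="extension-dir-issue-modal" tabindex="-1" role="dialog">
+<div class="modal-dialog" role="document">
+<div class="modal-content">
+<div class="modal-body">
+<div class="form-group">
+<p class="alert alert-warning text-larger">
+<?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('Failed to create a [%s] directory for AAM extension. To create it manually, login to your website via FTP and create [%s] directory. [Please Note!] It is a relative directory path from your website root (where wp-config.php file is located).', 'b', 'b', 'b'), $relativePath, $relativePath); ?>
+</p>
+</div>
+</div>
+<div class="modal-footer">
+<button type="button" class="btn btn-default" data-dismiss="modal"><?php echo __('Ok', AAM_KEY); ?></button>
+</div>
+</div>
+</div>
+</div>
+<?php } ?>
+
 <?php $licenses = AAM_Extension_Repository::getInstance()->getCommercialLicenses(); ?>
 <?php if (count($licenses)) { ?>
 <div class="metabox-holder extensions-metabox" style="display:none;">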
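--- a/Application/Backend/phtml/main/menu.phtml
+++ b/Application/Backend/phtml/main/menu.phtml
@@ -47,12 +47,12 @@
 <?php foreach ($menu['submenu'] as $j => $submenu) { ?>
 <?php if ($submenu['id'] == 'index.php') { ?>
 <div class="col-xs-12 col-md-6 aam-submenu-item">
-<label for="menu-item-<?php echo $i . $j; ?>"><?php echo $submenu['name'];
+<label for="menu-item-<?php echo $i . $j; ?>"><u><?php echo $submenu['name']; ?></u><small class="aam-menu-capability"><?php echo __('Cap:', AAM_KEY), ' <b>', $submenu['capability']; ?></b></small></label>
 <a href="#dashboard-lockout-modal" data-toggle="modal"><i class="icon-help-circled"></i></a>
 </div>
 <?php } else { ?>
 <div class="col-xs-12 col-md-6 aam-submenu-item">
-<label for="menu-item-<?php echo $i . $j; ?>"><?php echo $submenu['name'];
+<label for="menu-item-<?php echo $i . $j; ?>"><u><?php echo $submenu['name']; ?></u><small class="aam-menu-capability"><?php echo __('Cap:', AAM_KEY), ' <b>', $submenu['capability']; ?></b></small></label>
 <input type="checkbox" class="aam-checkbox-danger" id="menu-item-<?php echo $i . $j; ?>" data-menu-id="<?php echo $submenu['id']; ?>"<?php echo ($object->has($submenu['id']) ? ' checked="checked"' : ''); ?> />
 <label for="menu-item-<?php echo $i . $j; ?>" data-toggle="tooltip" title="<?php echo ($object->has($submenu['id']) ? __('Uncheck to allow', AAM_KEY) : __('Check to restrict', AAM_KEY)); ?>"></label>
 </div>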
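Review bot: `$submenu['capability']` is echoed into the label without escaping on new lines 50 and 55, next to the already unescaped `$submenu['name']`. These values presumably come from the admin menu as registered by other plugins and themes (the code that builds `$menu` is outside the hunk), so the capability should be printed as text: `<?php echo __('Cap:', AAM_KEY), ' <b>', esc_html($submenu['capability']); ?></b>`. The same applies to the new label in Application/Backend/phtml/main/metabox.phtml, where `$screen` and `$metabox['id']` are echoed raw into the `<small>` elements; `esc_html()` fits there as well. Opening `<b>` inside the PHP echo and closing it in the markup also makes the template harder to read.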
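--- a/Application/Backend/phtml/main/metabox.phtml
+++ b/Application/Backend/phtml/main/metabox.phtml
@@ -60,7 +60,7 @@
 <div class="row">
 <?php foreach ($metaboxes as $metabox) { ?>
 <div class="col-xs-12 col-md-6 aam-submenu-item">
-<label for="metabox-<?php echo $screen; ?>-<?php echo $metabox['id']; ?>"><?php echo $metabox['title']; ?></label>
+<label for="metabox-<?php echo $screen; ?>-<?php echo $metabox['id']; ?>"><u><?php echo $metabox['title']; ?></u><small class="aam-metabox-details"><?php echo __('Screen:', AAM_KEY) . ' <b>' . $screen; ?></b></small><small class="aam-metabox-details"><?php echo __('ID:', AAM_KEY) . ' <b>' . $metabox['id']; ?></b></small></label>
 <input type="checkbox" class="aam-checkbox-danger" id="metabox-<?php echo $screen; ?>-<?php echo $metabox['id']; ?>" data-metabox="<?php echo $screen; ?>|<?php echo $metabox['id']; ?>"<?php echo ($object->has($screen, $metabox['id']) ? ' checked="checked"' : ''); ?> />
 <label for="metabox-<?php echo $screen; ?>-<?php echo $metabox['id']; ?>" data-toggle="tooltip" title="<?php echo ($object->has($screen, $metabox['id']) ? __('Uncheck to show', AAM_KEY) : __('Check to hide', AAM_KEY)); ?>"></label>
 </div>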
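--- a/Application/Backend/phtml/main/route.phtml
+++ b/Application/Backend/phtml/main/route.phtml
@@ -24,7 +24,7 @@
 <thead>
 <tr>
 <th>Type</th>
-<th width="10%"
+<th width="10%">Method</th>
 <th width="80%"><?php echo __('Route', AAM_KEY); ?></th>
 <th><?php echo __('Deny', AAM_KEY); ?></th>
 </tr>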
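--- a/Application/Core/API.php
+++ b/Application/Core/API.php
@@ -48,6 +48,24 @@ final class AAM_Core_API {
 return $response;
 }
 
+/**
+*
+* @staticvar type $xmlrpc
+* @return \classname
+*/
+public static function getXMLRPCServer() {
+static $xmlrpc = null;
+
+if (is_null($xmlrpc)) {
+require_once(ABSPATH . WPINC . '/class-IXR.php');
+require_once(ABSPATH . WPINC . '/class-wp-xmlrpc-server.php');
+$classname = apply_filters('wp_xmlrpc_server_class', 'wp_xmlrpc_server');
+$xmlrpc = new $classname;
+}
+
+return $xmlrpc;
+}
+
 /**
 *
 * @param type $option
@@ -380,30 +398,6 @@ final class AAM_Core_API {
 return (!empty($version) ? $version : null);
 }
 
-/**
-* Get Query post type
-*
-* @param WP_Query $query
-*
-* @return string
-*
-* @access public
-*/
-public static function getQueryPostType($query) {
-//get post type based on queired object
-if (!empty($query->query['post_type'])) {
-$type = $query->query['post_type'];
-} elseif (!empty($query->query_vars['post_type'])) {
-$type = $query->query_vars['post_type'];
-}
-
-if (empty($type) || !is_scalar($type)){
-$type = 'post';
-}
-
-return $type;
-}
-
 /**
 * Get current post
 *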
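Review bot: The docblock on `getXMLRPCServer()` in the first hunk is still the IDE template (`@staticvar type $xmlrpc`, `@return \classname`) and does not say what the method returns or that the instance is cached for the request. Suggested text: a summary line `Get a shared XML-RPC server instance` and `@return wp_xmlrpc_server Instance of the class named by the wp_xmlrpc_server_class filter`. Because the class name comes from a filter, a `class_exists($classname)` check before `new $classname` would turn a bad filter value into a handled error instead of a fatal one.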
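--- a/Application/Core/Contract/Api.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM core API interface
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-*/
-interface AAM_Core_Contract_Api {
-
-}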
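--- a/Application/Core/Contract/Object.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM core object interface
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-*/
-interface AAM_Core_Contract_Object {
-
-}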
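--- a/Application/Core/Contract/Subject.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM core subject interface
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-*/
-interface AAM_Core_Contract_Subject {
-
-}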
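--- a/Application/Core/Gateway.php
+++ b/Application/Core/Gateway.php
@@ -13,83 +13,8 @@
 * @package AAM
 * @author Vasyl Martyniuk <vasyl@vasyltech.com>
 */
-final class AAM_Core_Gateway
+final class AAM_Core_Gateway {
 
-/**
-* User subject slug
-*/
-const SUBJECT_USER = 'user';
-
-/**
-* Role subject slug
-*/
-const SUBJECT_ROLE = 'role';
-
-/**
-* Default subject slug
-*/
-const SUBJECT_DEFAULT = 'default';
-
-/**
-* Visitor subject slug
-*/
-const SUBJECT_VISITOR = 'visitor';
-
-/**
-* Cache object slug
-*/
-const OBJECT_CACHE = 'cache';
-
-/**
-* Capability object slug
-*/
-const OBJECT_CAPABILITY = 'capability';
-
-/**
-* Login Redirect object slug
-*/
-const OBJECT_LOGIN_REDIRECT = 'loginRedirect';
-
-/**
-* Logout Redirect object slug
-*/
-const OBJECT_LOGOUT_REDIRECT = 'logoutRedirect';
-
-/**
-* Backend Menu object slug
-*/
-const OBJECT_BACKEND_MENU = 'menu';
-
-/**
-* Metabox & Widget object slug
-*/
-const OBJECT_METABOX = 'metabox';
-
-/**
-* Post object slug
-*/
-const OBJECT_POST = 'post';
-
-/**
-* Access Denied Redirect object slug
-*/
-const OBJECT_ACCESS_DENIED_REDIRECT = 'redirect';
-
-/**
-* API Route object slug
-*/
-const OBJECT_ROUTE = 'route';
-
-/**
-* Hierarchical Term object slug
-*/
-const OBJECT_TERM = 'term';
-
-/**
-* Post Type object slug
-*/
-const OBJECT_POST_TYPE = 'type';
-
 /**
 * Single instance of itself
 *
@@ -123,100 +48,24 @@ final class AAM_Core_Gateway implements AAM_Core_Contract_Api {
 *
 * If no $id specified, current user will be returned
 *
-* @param int $id
+* @param int $id Optional user id
 *
-* @return
+* @return AAM_Core_Subject
 *
 * @access public
-* @throws Exception If no $id is specified and user is not authenticated
 */
-public function
+public function getUser($id = null) {
 if (!empty($id)) {
-
-$user = AAM::getUser();
-} else {
-$user = new AAM_Core_Subject_User($id);
-}
+$user = new AAM_Core_Subject_User($id);
 } elseif (get_current_user_id()) {
 $user = AAM::getUser();
 } else {
-
+$user = new AAM_Core_Subject_Visitor();
 }
 
 return $user;
 }
 
-/**
-* Get role
-*
-* @param string $slug
-*
-* @return AAM_Core_Subject_Role
-*
-* @access public
-*/
-public function getRoleSubject($slug) {
-return new AAM_Core_Subject_Role($slug);
-}
-
-/**
-* Get visitor
-*
-* @return AAM_Core_Subject_Visitor
-*
-* @access public
-*/
-public function getVisitorSubject() {
-return new AAM_Core_Subject_Visitor();
-}
-
-/**
-* Get default subject
-*
-* @return AAM_Core_Subject_Default
-*
-* @access public
-*/
-public function getDefaultSubject() {
-return new AAM_Core_Subject_Default();
-}
-
-/**
-* Get subject
-*
-* @param string $type Subject type (allowed user, role, visitor and default)
-* @param string|int $id Subject id (e.g. role slug or user ID)
-*
-* @return AAM_Core_Contract_Subject
-*
-* @access public
-* @throws Exception If subject type is not valid
-*/
-public function getSubject($type, $id = null) {
-switch($type) {
-case self::SUBJECT_USER:
-$subject = $this->getUserSubject($id);
-break;
-
-case self::SUBJECT_ROLE:
-$subject = $this->getRoleSubject($id);
-break;
-
-case self::SUBJECT_VISITOR:
-$subject = $this->getVisitorSubject();
-break;
-
-case self::SUBJECT_DEFAULT:
-$subject = $this->getDefaultSubject();
-break;
-
-default:
-throw new Exception('Invalid subject type');
-}
-
-return $subject;
-}
-
 /**
 * Log any critical message
 *
@@ -232,11 +81,13 @@ final class AAM_Core_Gateway implements AAM_Core_Contract_Api {
 /**
 * Deny access for current HTTP request
 *
+* @param mixed $params
+*
 * @return void
 *
 * @access public
 */
-public function denyAccess() {
+public function denyAccess($params = null) {
 AAM_Core_API::reject();
 }
 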
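Review bot: `denyAccess()` in the last hunk now takes `$params = null` and documents it as `@param mixed $params`, but the body still calls `AAM_Core_API::reject()` with no arguments, so anything a caller passes is silently ignored. Either forward the value, if `reject()` accepts arguments (its signature is not visible here), or state the intent in the docblock, for example `@param mixed $params Currently unused` with the reason it is accepted. Separately, in the second hunk `getUser()` now returns an `AAM_Core_Subject_Visitor` where the removed `@throws` line documented an exception for unauthenticated callers, and `getSubject()`, `getRoleSubject()`, `getVisitorSubject()`, `getDefaultSubject()` and the `SUBJECT_*`/`OBJECT_*` constants are removed; code that relied on the exception or on those members will behave differently, which deserves a changelog entry.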
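--- a/Application/Core/Object.php
+++ b/Application/Core/Object.php
@@ -13,7 +13,7 @@
 * @package AAM
 * @author Vasyl Martyniuk <vasyl@vasyltech.com>
 */
-abstract class AAM_Core_Object
+abstract class AAM_Core_Object {
 
 /**
 * Subject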
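--- a/Application/Core/Object/Capability.php
+++ b/Application/Core/Object/Capability.php
@@ -41,9 +41,14 @@ class AAM_Core_Object_Capability extends AAM_Core_Object {
 }
 
 /**
+* Update subject's capability
 *
-* @param
-* @param
+* @param string $capability
+* @param bool $granted
+*
+* @return bool
+*
+* @access public
 */
 public function save($capability, $granted) {
 if (intval($granted)) {
@@ -54,14 +59,43 @@ class AAM_Core_Object_Capability extends AAM_Core_Object {
 
 return $result;
 }
-
+
 /**
-*
-*
-* @
+* Check if subject has specified capability
+*
+* @param string $capability
+*
+* @return bool
+*
+* @access public
 */
 public function has($capability) {
 return $this->getSubject()->hasCapability($capability);
 }
 
+/**
+* Assign capability to user
+*
+* @param string $capability
+*
+* @return boolean
+*
+* @access public
+*/
+public function add($capability) {
+return $this->save($capability, 1);
+}
+
+/**
+* Remove capability from user
+*
+* @param string $capability
+*
+* @return boolean
+*
+* @access public
+*/
+public function remove($capability) {
+return $this->save($capability, 0);
+}
 }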
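--- a/Application/Core/Object/LoginRedirect.php
+++ b/Application/Core/Object/LoginRedirect.php
@@ -68,8 +68,11 @@ class AAM_Core_Object_LoginRedirect extends AAM_Core_Object {
 }
 
 /**
+* Reset settings to default
 *
-* @return
+* @return boolean
+*
+* @access public
 */
 public function reset() {
 return $this->getSubject()->deleteOption('loginredirect');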
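--- a/Application/Core/Object/Menu.php
+++ b/Application/Core/Object/Menu.php
@@ -200,6 +200,32 @@ class AAM_Core_Object_Menu extends AAM_Core_Object {
 
 return $direct || $branch || $indirect;
 }
+
+/**
+* Allow access to a specific menu
+*
+* @param string $menu
+*
+* @return boolean
+*
+* @access public
+*/
+public function allow($menu) {
+return $this->save($menu, 0);
+}
+
+/**
+* Deny access to a specific menu
+*
+* @param string $menu
+*
+* @return boolean
+*
+* @access public
+*/
+public function deny($menu) {
+return $this->save($menu, 1);
+}
 
 /**
 * Save menu option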
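--- a/Application/Core/Object/Metabox.php
+++ b/Application/Core/Object/Metabox.php
@@ -85,7 +85,7 @@ class AAM_Core_Object_Metabox extends AAM_Core_Object {
 * @param type $screen
 */
 public function filterBackend($screen) {
-global $wp_meta_boxes
+global $wp_meta_boxes;
 
 if (is_array($wp_meta_boxes)) {
 foreach ($wp_meta_boxes as $screen_id => $zones) {
@@ -169,5 +169,33 @@ class AAM_Core_Object_Metabox extends AAM_Core_Object {
 
 return !empty($options[$screen][$metabox]);
 }
+
+/**
+* Allow access to a specific metabox
+*
+* @param string $screen
+* @param string $metabox
+*
+* @return boolean
+*
+* @access public
+*/
+public function allow($screen, $metabox) {
+$this->save("{$screen}|{$metabox}", 0);
+}
+
+/**
+* Deny access to a specific metabox
+*
+* @param string $screen
+* @param string $metabox
+*
+* @return boolean
+*
+* @access public
+*/
+public function deny($screen, $metabox) {
+return $this->save("{$screen}|{$metabox}", 1);
+}
 
 }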
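Review bot: `allow()` in the second hunk drops the result of `save()`: its docblock says `@return boolean` and `deny()` returns the call, but `allow()` has no `return`, so callers always get `null` and cannot tell a failed write from a successful one. The line should read `return $this->save("{$screen}|{$metabox}", 0);`.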
Application/Core/Object/Post.php
CHANGED
@@ -147,14 +147,17 @@ class AAM_Core_Object_Post extends AAM_Core_Object {
|
|
147 |
/**
|
148 |
* Save options
|
149 |
*
|
|
|
|
|
|
|
150 |
* @return boolean
|
151 |
*
|
152 |
* @access public
|
153 |
*/
|
154 |
-
public function save($property, $
|
155 |
$option = $this->getOption();
|
156 |
|
157 |
-
$option[$property] = $
|
158 |
|
159 |
// Very specific WP case. According to the WP core, you are not allowed to
|
160 |
// set meta for revision, so let's bypass this constrain.
|
@@ -231,19 +234,67 @@ class AAM_Core_Object_Post extends AAM_Core_Object {
|
|
231 |
/**
|
232 |
* Check if option is set
|
233 |
*
|
234 |
-
* @param string $
|
235 |
-
* @param string $action
|
236 |
*
|
237 |
* @return boolean
|
238 |
*
|
239 |
* @access public
|
240 |
*/
|
241 |
-
public function has($
|
242 |
$option = $this->getOption();
|
243 |
|
244 |
-
return (
|
245 |
}
|
246 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
247 |
/**
|
248 |
* Get option
|
249 |
*
|
147 |
/**
|
148 |
* Save options
|
149 |
*
|
150 |
+
* @param string $property
|
151 |
+
* @param mixed $value
|
152 |
+
*
|
153 |
* @return boolean
|
154 |
*
|
155 |
* @access public
|
156 |
*/
|
157 |
+
public function save($property, $value) {
|
158 |
$option = $this->getOption();
|
159 |
|
160 |
+
$option[$property] = $value;
|
161 |
|
162 |
// Very specific WP case. According to the WP core, you are not allowed to
|
163 |
// set meta for revision, so let's bypass this constrain.
|
234 |
/**
|
235 |
* Check if option is set
|
236 |
*
|
237 |
+
* @param string $property
|
|
|
238 |
*
|
239 |
* @return boolean
|
240 |
*
|
241 |
* @access public
|
242 |
*/
|
243 |
+
public function has($property) {
|
244 |
$option = $this->getOption();
|
245 |
|
246 |
+
return (array_key_exists($property, $option) && $option[$property]);
|
247 |
}
|
248 |
+
|
249 |
+
/**
|
250 |
+
* Update property
|
251 |
+
*
|
252 |
+
* @param string $property
|
253 |
+
* @param mixed $value
|
254 |
+
*
|
255 |
+
* @return boolean
|
256 |
+
*
|
257 |
+
* @access public
|
258 |
+
*/
|
259 |
+
public function update($property, $value) {
|
260 |
+
return $this->save($property, $value);
|
261 |
+
}
|
262 |
+
|
263 |
+
/**
|
264 |
+
* Remove property
|
265 |
+
*
|
266 |
+
* @param string $property
|
267 |
+
*
|
268 |
+
* @return boolean
|
269 |
+
*
|
270 |
+
* @access public
|
271 |
+
*/
|
272 |
+
public function remove($property) {
|
273 |
+
$option = $this->getOption();
|
274 |
+
|
275 |
+
if (array_key_exists($option, $property)) {
|
276 |
+
unset($option[$property]);
|
277 |
+
}
|
278 |
+
|
279 |
+
// Very specific WP case. According to the WP core, you are not allowed to
|
280 |
+
// set meta for revision, so let's bypass this constrain.
|
281 |
+
if ($this->getPost()->post_type == 'revision') {
|
282 |
+
$result = update_metadata(
|
283 |
+
'post', $this->getPost()->ID, $this->getOptionName(), $option
|
284 |
+
);
|
285 |
+
} else {
|
286 |
+
$result = update_post_meta(
|
287 |
+
$this->getPost()->ID, $this->getOptionName(), $option
|
288 |
+
);
|
289 |
+
}
|
290 |
+
|
291 |
+
if ($result) {
|
292 |
+
$this->setOption($option);
|
293 |
+
}
|
294 |
+
|
295 |
+
return $result;
|
296 |
+
}
|
297 |
+
|
298 |
/**
|
299 |
* Get option
|
300 |
*
|
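Review bot: In the new `remove()` (new lines 272-296) the arguments to `array_key_exists` are swapped: `array_key_exists($option, $property)` passes the option array as the key and the property name as the array. Depending on the PHP version this raises a warning or a TypeError, so the `unset` is never reached and the stored access setting stays in place after a caller asked for it to be removed. The line should read `if (array_key_exists($property, $option)) {`. The revision/`update_post_meta` block that follows repeats what `save()` appears to do (its body continues outside the hunk), so a shared private helper would keep the two paths from drifting apart.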
Application/Core/Object/Visibility.php
CHANGED
@@ -74,9 +74,9 @@ class AAM_Core_Object_Visibility extends AAM_Core_Object {
|
|
74 |
}
|
75 |
|
76 |
if (in_array($subject::UID, array('user', 'visitor'))) {
|
77 |
-
|
78 |
-
|
79 |
-
|
80 |
}
|
81 |
}
|
82 |
|
@@ -103,15 +103,18 @@ class AAM_Core_Object_Visibility extends AAM_Core_Object {
|
|
103 |
}
|
104 |
}
|
105 |
|
106 |
-
if (
|
107 |
-
$
|
108 |
-
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
|
|
|
|
114 |
}
|
|
|
115 |
|
116 |
return $filtered;
|
117 |
}
|
74 |
}
|
75 |
|
76 |
if (in_array($subject::UID, array('user', 'visitor'))) {
|
77 |
+
// $subject->getObject('cache')->add(
|
78 |
+
// 'visibility', 0, empty($option) ? false : $option
|
79 |
+
// );
|
80 |
}
|
81 |
}
|
82 |
|
103 |
}
|
104 |
}
|
105 |
|
106 |
+
if (empty($filtered)) {
|
107 |
+
$filtered = array_combine(
|
108 |
+
$listOptions,
|
109 |
+
array_fill(0, count($listOptions), 0)
|
110 |
+
);
|
111 |
+
}
|
112 |
+
|
113 |
+
$option = $this->getOption();
|
114 |
+
if (!isset($option[$object][$id])) {
|
115 |
+
$option[$object][$id] = $filtered;
|
116 |
}
|
117 |
+
$this->setOption($option);
|
118 |
|
119 |
return $filtered;
|
120 |
}
|
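Review bot: The cache call at new lines 77-79 is commented out rather than removed, which leaves an empty `if (in_array($subject::UID, array('user', 'visitor')))` body and no record of why visibility caching was switched off for users and visitors. Either delete the branch or replace the dead code with a one-line why-comment such as `// Visibility cache intentionally disabled here: <reason>`. In the second hunk, `array_combine($listOptions, array_fill(0, count($listOptions), 0))` can be written as `array_fill_keys($listOptions, 0)`, which reads more directly. Both enclosing functions start outside the hunks, so `$listOptions`, `$object` and `$id` cannot be checked from here.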
Application/Core/Subject.php
CHANGED
@@ -13,7 +13,7 @@
|
|
13 |
* @package AAM
|
14 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
15 |
*/
|
16 |
-
abstract class AAM_Core_Subject
|
17 |
|
18 |
/**
|
19 |
* Subject ID
|
13 |
* @package AAM
|
14 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
15 |
*/
|
16 |
+
abstract class AAM_Core_Subject {
|
17 |
|
18 |
/**
|
19 |
* Subject ID
|
Application/Extension/List.php
CHANGED
@@ -22,7 +22,7 @@ class AAM_Extension_List {
|
|
22 |
'description' => 'Get the complete list of all available premium extensions in one package. Any new premium extensions in the future will be available for no additional cost.',
|
23 |
'url' => 'https://aamplugin.com/complete-package',
|
24 |
'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null),
|
25 |
-
'latest' => '3.8'
|
26 |
),
|
27 |
'AAM_PLUS_PACKAGE' => array(
|
28 |
'title' => 'Plus Package',
|
@@ -31,7 +31,7 @@ class AAM_Extension_List {
|
|
31 |
'description' => 'The best selling extension with the most advanced content management features for the WordPress CMS. Manage granular access to any post, page, custom post type, category, custom hierarchical taxonomy or define the default access to all your content for all users, roles and visitors.',
|
32 |
'url' => 'https://aamplugin.com/extension/plus-package',
|
33 |
'version' => (defined('AAM_PLUS_PACKAGE') ? constant('AAM_PLUS_PACKAGE') : null),
|
34 |
-
'latest' => '3.7.
|
35 |
),
|
36 |
'AAM_IP_CHECK' => array(
|
37 |
'title' => 'IP Check',
|
22 |
'description' => 'Get the complete list of all available premium extensions in one package. Any new premium extensions in the future will be available for no additional cost.',
|
23 |
'url' => 'https://aamplugin.com/complete-package',
|
24 |
'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null),
|
25 |
+
'latest' => '3.8.2'
|
26 |
),
|
27 |
'AAM_PLUS_PACKAGE' => array(
|
28 |
'title' => 'Plus Package',
|
31 |
'description' => 'The best selling extension with the most advanced content management features for the WordPress CMS. Manage granular access to any post, page, custom post type, category, custom hierarchical taxonomy or define the default access to all your content for all users, roles and visitors.',
|
32 |
'url' => 'https://aamplugin.com/extension/plus-package',
|
33 |
'version' => (defined('AAM_PLUS_PACKAGE') ? constant('AAM_PLUS_PACKAGE') : null),
|
34 |
+
'latest' => '3.7.5'
|
35 |
),
|
36 |
'AAM_IP_CHECK' => array(
|
37 |
'title' => 'IP Check',
|
Application/Extension/Repository.php
CHANGED
@@ -380,14 +380,20 @@ class AAM_Extension_Repository {
|
|
380 |
*
|
381 |
* @access public
|
382 |
*/
|
383 |
-
public function getBasedir() {
|
384 |
-
$
|
385 |
|
386 |
-
|
387 |
-
|
388 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
389 |
|
390 |
-
return $
|
391 |
}
|
392 |
|
393 |
/**
|
380 |
*
|
381 |
* @access public
|
382 |
*/
|
383 |
+
public function getBasedir($relative = false) {
|
384 |
+
$dir = AAM_Core_Config::get('core.extention.directory', AAM_EXTENSION_BASE);
|
385 |
|
386 |
+
return ($relative ? str_replace(ABSPATH, '', $dir) : $dir);
|
387 |
+
}
|
388 |
+
|
389 |
+
/**
|
390 |
+
*
|
391 |
+
* @return type
|
392 |
+
*/
|
393 |
+
public function isWriteableDirectory() {
|
394 |
+
$directory = $this->getBasedir();
|
395 |
|
396 |
+
return file_exists($directory) && is_writeable($directory);
|
397 |
}
|
398 |
|
399 |
/**
|
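Review bot: The docblock added for `isWriteableDirectory()` (new lines 389-392) is an unfilled template, `@return type` with no description, and `getBasedir()` gained a `$relative` parameter that its docblock (above the hunk) may not mention. I would write `Check that the extension directory exists and is writable by the PHP process` with `@return boolean`, and add `@param boolean $relative Return the path relative to ABSPATH`. In `getBasedir()`, `str_replace(ABSPATH, '', $dir)` removes every occurrence of the prefix rather than only a leading one; a `strpos($dir, ABSPATH) === 0` check followed by `substr` states the intent more precisely.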
Application/Frontend/Authorization.php
CHANGED
@@ -75,7 +75,7 @@ class AAM_Frontend_Authorization {
|
|
75 |
$date = strtotime($post->get('frontend.expire_datetime'));
|
76 |
if ($date <= time()) {
|
77 |
$actions = AAM_Core_Config::get(
|
78 |
-
'feature.
|
79 |
);
|
80 |
|
81 |
foreach(array_map('trim', explode(',', $actions)) as $action) {
|
75 |
$date = strtotime($post->get('frontend.expire_datetime'));
|
76 |
if ($date <= time()) {
|
77 |
$actions = AAM_Core_Config::get(
|
78 |
+
'feature.frontend.postAccess.expired', 'frontend.read'
|
79 |
);
|
80 |
|
81 |
foreach(array_map('trim', explode(',', $actions)) as $action) {
|
Application/Shared/Manager.php
CHANGED
@@ -47,6 +47,11 @@ class AAM_Shared_Manager {
|
|
47 |
// Disable XML-RPC if needed
|
48 |
if (!AAM_Core_Config::get('core.settings.xmlrpc', true)) {
|
49 |
add_filter('xmlrpc_enabled', '__return_false');
|
|
|
|
|
|
|
|
|
|
|
50 |
}
|
51 |
|
52 |
// Disable RESTful API if needed
|
@@ -57,7 +62,7 @@ class AAM_Shared_Manager {
|
|
57 |
1
|
58 |
);
|
59 |
}
|
60 |
-
|
61 |
// Control post visibility
|
62 |
//important to keep this option optional for optimization reasons
|
63 |
if (AAM_Core_Config::get('core.settings.checkPostVisibility', true)) {
|
@@ -76,6 +81,21 @@ class AAM_Shared_Manager {
|
|
76 |
return self::$_instance;
|
77 |
}
|
78 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
79 |
/**
|
80 |
* After post SELECT query
|
81 |
*
|
@@ -90,7 +110,7 @@ class AAM_Shared_Manager {
|
|
90 |
public function filterPostQuery($clauses, $wpQuery) {
|
91 |
if ($this->isPostFilterEnabled()) {
|
92 |
$option = AAM::getUser()->getObject('visibility')->getOption();
|
93 |
-
|
94 |
if (!empty($option['post'])) {
|
95 |
$query = $this->preparePostQuery($option['post'], $wpQuery);
|
96 |
} else {
|
@@ -149,7 +169,16 @@ class AAM_Shared_Manager {
|
|
149 |
$postType = 'post';
|
150 |
}
|
151 |
|
152 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
153 |
}
|
154 |
|
155 |
/**
|
@@ -166,7 +195,7 @@ class AAM_Shared_Manager {
|
|
166 |
protected function preparePostQuery($visibility, $wpQuery) {
|
167 |
global $wpdb;
|
168 |
|
169 |
-
$
|
170 |
|
171 |
$not = array();
|
172 |
$area = AAM_Core_Api_Area::get();
|
@@ -174,7 +203,7 @@ class AAM_Shared_Manager {
|
|
174 |
foreach($visibility as $id => $access) {
|
175 |
$chunks = explode('|', $id);
|
176 |
|
177 |
-
if ($
|
178 |
if (!empty($access["{$area}.list"])) {
|
179 |
$not[] = $chunks[0];
|
180 |
}
|
47 |
// Disable XML-RPC if needed
|
48 |
if (!AAM_Core_Config::get('core.settings.xmlrpc', true)) {
|
49 |
add_filter('xmlrpc_enabled', '__return_false');
|
50 |
+
} else {
|
51 |
+
add_action(
|
52 |
+
'xmlrpc_call',
|
53 |
+
array(self::$_instance, 'authorizeXMLRPCRequest')
|
54 |
+
);
|
55 |
}
|
56 |
|
57 |
// Disable RESTful API if needed
|
62 |
1
|
63 |
);
|
64 |
}
|
65 |
+
|
66 |
// Control post visibility
|
67 |
//important to keep this option optional for optimization reasons
|
68 |
if (AAM_Core_Config::get('core.settings.checkPostVisibility', true)) {
|
81 |
return self::$_instance;
|
82 |
}
|
83 |
|
84 |
+
/**
|
85 |
+
*
|
86 |
+
* @param type $method
|
87 |
+
*/
|
88 |
+
public function authorizeXMLRPCRequest($method) {
|
89 |
+
$object = AAM::api()->getUser(get_current_user_id())->getObject('route');
|
90 |
+
|
91 |
+
if ($object->has('xmlrpc', $method)) {
|
92 |
+
AAM_Core_API::getXMLRPCServer()->error(
|
93 |
+
401,
|
94 |
+
'Authorization Error. You are not authorized to perform this action'
|
95 |
+
);
|
96 |
+
}
|
97 |
+
}
|
98 |
+
|
99 |
/**
|
100 |
* After post SELECT query
|
101 |
*
|
110 |
public function filterPostQuery($clauses, $wpQuery) {
|
111 |
if ($this->isPostFilterEnabled()) {
|
112 |
$option = AAM::getUser()->getObject('visibility')->getOption();
|
113 |
+
|
114 |
if (!empty($option['post'])) {
|
115 |
$query = $this->preparePostQuery($option['post'], $wpQuery);
|
116 |
} else {
|
169 |
$postType = 'post';
|
170 |
}
|
171 |
|
172 |
+
if ($postType == 'any') {
|
173 |
+
$postType = array_keys(
|
174 |
+
get_post_types(
|
175 |
+
array('public' => true, 'exclude_from_search' => false),
|
176 |
+
'names'
|
177 |
+
)
|
178 |
+
);
|
179 |
+
}
|
180 |
+
|
181 |
+
return (array) $postType;
|
182 |
}
|
183 |
|
184 |
/**
|
195 |
protected function preparePostQuery($visibility, $wpQuery) {
|
196 |
global $wpdb;
|
197 |
|
198 |
+
$postTypes = $this->getQueryingPostType($wpQuery);
|
199 |
|
200 |
$not = array();
|
201 |
$area = AAM_Core_Api_Area::get();
|
203 |
foreach($visibility as $id => $access) {
|
204 |
$chunks = explode('|', $id);
|
205 |
|
206 |
+
if (in_array($chunks[1], $postTypes)) {
|
207 |
if (!empty($access["{$area}.list"])) {
|
208 |
$not[] = $chunks[0];
|
209 |
}
|
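Review bot: `authorizeXMLRPCRequest()` (new lines 88-97) denies a call only if `error()` terminates the request, because nothing in the method itself stops execution after it; the docblock is an empty `@param type $method` and should state that assumption. It should also say that the `xmlrpc_call` action is fired from inside WordPress core's own XML-RPC methods, so methods registered by other plugins may never reach this check. In `preparePostQuery()` (new line 206), `$chunks[1]` is read without confirming the key contained a `|`; an entry without one would be skipped and, as far as the hunk shows, its post left unfiltered, so `if (isset($chunks[1]) && in_array($chunks[1], $postTypes, true)) {` is the safer form. `preparePostQuery()` extends outside the hunk, so the format of `$id` should be confirmed against the code that writes the visibility option.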
aam.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
/**
|
4 |
Plugin Name: Advanced Access Manager
|
5 |
Description: All you need to manage access to your WordPress website
|
6 |
-
Version: 5.3.
|
7 |
Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
Author URI: https://vasyltech.com
|
9 |
|
3 |
/**
|
4 |
Plugin Name: Advanced Access Manager
|
5 |
Description: All you need to manage access to your WordPress website
|
6 |
+
Version: 5.3.5
|
7 |
Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
Author URI: https://vasyltech.com
|
9 |
|
media/css/aam.css
CHANGED
@@ -236,6 +236,11 @@ html, body {
|
|
236 |
font-size: 1em;
|
237 |
}
|
238 |
|
|
|
|
|
|
|
|
|
|
|
239 |
/** BOOTSTRAP **/
|
240 |
.row {
|
241 |
position: relative;
|
@@ -478,6 +483,10 @@ table.table-bordered.dataTable tbody th, table.table-bordered.dataTable tbody td
|
|
478 |
left: auto;
|
479 |
}
|
480 |
|
|
|
|
|
|
|
|
|
481 |
input[type=checkbox] { /* to hide the checkbox itself */
|
482 |
display:none;
|
483 |
}
|
@@ -754,7 +763,7 @@ input[type=radio]:checked + label:before {
|
|
754 |
padding: 2px 15px 0px 15px;
|
755 |
}
|
756 |
|
757 |
-
.aam-submenu-item .aam-menu-capability {
|
758 |
display: block;
|
759 |
margin-top: -4px;
|
760 |
}
|
@@ -995,7 +1004,7 @@ input[type=radio]:checked + label:before {
|
|
995 |
margin-bottom: 0;
|
996 |
}
|
997 |
|
998 |
-
.aam-menu-capability {
|
999 |
color: #777777;
|
1000 |
font-weight: 400;
|
1001 |
}
|
236 |
font-size: 1em;
|
237 |
}
|
238 |
|
239 |
+
.hndle.warning {
|
240 |
+
background-color: #f0ad4e !important;
|
241 |
+
color: #FFFFFF;
|
242 |
+
}
|
243 |
+
|
244 |
/** BOOTSTRAP **/
|
245 |
.row {
|
246 |
position: relative;
|
483 |
left: auto;
|
484 |
}
|
485 |
|
486 |
+
.user-filter {
|
487 |
+
max-width: 40%;
|
488 |
+
}
|
489 |
+
|
490 |
input[type=checkbox] { /* to hide the checkbox itself */
|
491 |
display:none;
|
492 |
}
|
763 |
padding: 2px 15px 0px 15px;
|
764 |
}
|
765 |
|
766 |
+
.aam-submenu-item .aam-menu-capability, .aam-metabox-details {
|
767 |
display: block;
|
768 |
margin-top: -4px;
|
769 |
}
|
1004 |
margin-bottom: 0;
|
1005 |
}
|
1006 |
|
1007 |
+
.aam-menu-capability, .aam-metabox-details {
|
1008 |
color: #777777;
|
1009 |
font-weight: 400;
|
1010 |
}
|
media/js/aam.js
CHANGED
@@ -169,10 +169,15 @@
|
|
169 |
var create = $('<a/>', {
|
170 |
'href': '#',
|
171 |
'class': 'btn btn-primary'
|
172 |
-
})
|
|
|
173 |
.bind('click', function () {
|
174 |
resetForm('#add-role-modal .modal-body');
|
175 |
$('#add-role-modal').modal('show');
|
|
|
|
|
|
|
|
|
176 |
});
|
177 |
|
178 |
$('.dataTables_filter', '#role-list_wrapper').append(create);
|
@@ -630,10 +635,13 @@
|
|
630 |
url: aamLocal.ajaxurl,
|
631 |
type: 'POST',
|
632 |
dataType: 'json',
|
633 |
-
data: {
|
634 |
-
|
635 |
-
|
636 |
-
|
|
|
|
|
|
|
637 |
}
|
638 |
},
|
639 |
columnDefs: [
|
@@ -650,11 +658,48 @@
|
|
650 |
var create = $('<a/>', {
|
651 |
'href': '#',
|
652 |
'class': 'btn btn-primary'
|
653 |
-
})
|
|
|
|
|
654 |
window.open(aamLocal.url.addUser, '_blank');
|
|
|
|
|
|
|
|
|
655 |
});
|
656 |
|
657 |
$('.dataTables_filter', '#user-list_wrapper').append(create);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
658 |
}
|
659 |
},
|
660 |
createdRow: function (row, data) {
|
@@ -2446,8 +2491,8 @@
|
|
2446 |
}
|
2447 |
},
|
2448 |
columnDefs: [
|
2449 |
-
|
2450 |
-
{className: 'text-center', targets: [1]}
|
2451 |
],
|
2452 |
language: {
|
2453 |
search: '_INPUT_',
|
@@ -2463,7 +2508,11 @@
|
|
2463 |
'class': 'aam-api-method ' + data[1].toLowerCase()
|
2464 |
}).text(data[1]);
|
2465 |
|
2466 |
-
$('td:eq(0)', row).html(
|
|
|
|
|
|
|
|
|
2467 |
|
2468 |
var actions = data[3].split(',');
|
2469 |
|
@@ -2490,7 +2539,7 @@
|
|
2490 |
break;
|
2491 |
}
|
2492 |
});
|
2493 |
-
$('td:eq(
|
2494 |
}
|
2495 |
});
|
2496 |
|
@@ -2692,6 +2741,39 @@
|
|
2692 |
});
|
2693 |
});
|
2694 |
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2695 |
|
2696 |
//bind the download handler
|
2697 |
$('#download-extension').bind('click', function () {
|
169 |
var create = $('<a/>', {
|
170 |
'href': '#',
|
171 |
'class': 'btn btn-primary'
|
172 |
+
})
|
173 |
+
.html('<i class="icon-plus"></i>')
|
174 |
.bind('click', function () {
|
175 |
resetForm('#add-role-modal .modal-body');
|
176 |
$('#add-role-modal').modal('show');
|
177 |
+
})
|
178 |
+
.attr({
|
179 |
+
'data-toggle': "tooltip",
|
180 |
+
'title': aam.__('Create New Role')
|
181 |
});
|
182 |
|
183 |
$('.dataTables_filter', '#role-list_wrapper').append(create);
|
635 |
url: aamLocal.ajaxurl,
|
636 |
type: 'POST',
|
637 |
dataType: 'json',
|
638 |
+
data: function(params) {
|
639 |
+
params.action = 'aam';
|
640 |
+
params.sub_action = 'Subject_User.getTable';
|
641 |
+
params._ajax_nonce = aamLocal.nonce;
|
642 |
+
params.role = $('#user-list-filter').val();
|
643 |
+
|
644 |
+
return params;
|
645 |
}
|
646 |
},
|
647 |
columnDefs: [
|
658 |
var create = $('<a/>', {
|
659 |
'href': '#',
|
660 |
'class': 'btn btn-primary'
|
661 |
+
})
|
662 |
+
.html('<i class="icon-plus"></i> ')
|
663 |
+
.bind('click', function () {
|
664 |
window.open(aamLocal.url.addUser, '_blank');
|
665 |
+
})
|
666 |
+
.attr({
|
667 |
+
'data-toggle': "tooltip",
|
668 |
+
'title': aam.__('Create New User')
|
669 |
});
|
670 |
|
671 |
$('.dataTables_filter', '#user-list_wrapper').append(create);
|
672 |
+
|
673 |
+
var filter = $('<select>').attr({
|
674 |
+
'class': 'user-filter',
|
675 |
+
'id': 'user-list-filter'
|
676 |
+
})
|
677 |
+
.html('<option value="">' + aam.__('Loading roles...') + '</option>')
|
678 |
+
.bind('change', function() {
|
679 |
+
$('#user-list').DataTable().ajax.reload();
|
680 |
+
});
|
681 |
+
|
682 |
+
$('.dataTables_filter', '#user-list_wrapper').append(filter);
|
683 |
+
|
684 |
+
$.ajax(aamLocal.ajaxurl, {
|
685 |
+
type: 'POST',
|
686 |
+
dataType: 'json',
|
687 |
+
data: {
|
688 |
+
action: 'aam',
|
689 |
+
sub_action: 'Subject_Role.getList',
|
690 |
+
_ajax_nonce: aamLocal.nonce
|
691 |
+
},
|
692 |
+
success: function (response) {
|
693 |
+
$('#user-list-filter').html(
|
694 |
+
'<option value="">' + aam.__('Select Role') + '</option>'
|
695 |
+
);
|
696 |
+
for (var i in response) {
|
697 |
+
$('#user-list-filter').append(
|
698 |
+
'<option value="' + i + '">' + response[i].name + '</option>'
|
699 |
+
);
|
700 |
+
}
|
701 |
+
}
|
702 |
+
});
|
703 |
}
|
704 |
},
|
705 |
createdRow: function (row, data) {
|
2491 |
}
|
2492 |
},
|
2493 |
columnDefs: [
|
2494 |
+
// {visible: false, targets: [0]},
|
2495 |
+
{className: 'text-center', targets: [0, 1]}
|
2496 |
],
|
2497 |
language: {
|
2498 |
search: '_INPUT_',
|
2508 |
'class': 'aam-api-method ' + data[1].toLowerCase()
|
2509 |
}).text(data[1]);
|
2510 |
|
2511 |
+
$('td:eq(0)', row).html(
|
2512 |
+
'<small>' + (data[0] === 'restful' ? 'JSON' : 'XML') + '</small>'
|
2513 |
+
);
|
2514 |
+
|
2515 |
+
$('td:eq(1)', row).html(method);
|
2516 |
|
2517 |
var actions = data[3].split(',');
|
2518 |
|
2539 |
break;
|
2540 |
}
|
2541 |
});
|
2542 |
+
$('td:eq(3)', row).html(container);
|
2543 |
}
|
2544 |
});
|
2545 |
|
2741 |
});
|
2742 |
});
|
2743 |
});
|
2744 |
+
|
2745 |
+
$('#fix-extension-dir-issue').bind('click', function(event) {
|
2746 |
+
event.preventDefault();
|
2747 |
+
|
2748 |
+
$('i', this).attr('class', 'icon-spin4 animate-spin');
|
2749 |
+
|
2750 |
+
$.ajax(aamLocal.ajaxurl, {
|
2751 |
+
type: 'POST',
|
2752 |
+
dataType: 'json',
|
2753 |
+
data: {
|
2754 |
+
action: 'aam',
|
2755 |
+
sub_action: 'Extension_Manager.fixDirectoryIssue',
|
2756 |
+
_ajax_nonce: aamLocal.nonce
|
2757 |
+
},
|
2758 |
+
success: function(response) {
|
2759 |
+
if (response.status === 'success') {
|
2760 |
+
$('#extension-dir-warning').remove();
|
2761 |
+
aam.notification(
|
2762 |
+
'success',
|
2763 |
+
aam.__('The issue has been resolved')
|
2764 |
+
);
|
2765 |
+
} else {
|
2766 |
+
$('#extension-dir-issue-modal').modal('show');
|
2767 |
+
}
|
2768 |
+
},
|
2769 |
+
error: function() {
|
2770 |
+
aam.notification('danger', aam.__('Application error'));
|
2771 |
+
},
|
2772 |
+
complete: function () {
|
2773 |
+
$('i', '#fix-extension-dir-issue').attr('class', 'icon-wrench');
|
2774 |
+
}
|
2775 |
+
});
|
2776 |
+
});
|
2777 |
|
2778 |
//bind the download handler
|
2779 |
$('#download-extension').bind('click', function () {
|
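Review bot: The role filter at new lines 696-700 builds each `<option>` by string concatenation, `'<option value="' + i + '">' + response[i].name + '</option>'`, so a role key or name containing markup is parsed as HTML in the admin page. Build the element and set its text instead: `$('#user-list-filter').append($('<option/>', {value: i}).text(response[i].name));`. The `for (var i in response)` loop also walks inherited enumerable properties, so a `hasOwnProperty` guard or `$.each(response, ...)` is safer. The surrounding `initComplete`-style callback starts outside the hunk.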
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: vasyltech
|
|
3 |
Tags: access, role, user, capability, page access, post access, content access, comments, security, login redirect, membership, backend lockdown, wp-admin, 404, rest api, xml rpc
|
4 |
Requires at least: 4.0
|
5 |
Tested up to: 4.9.6
|
6 |
-
Stable tag: 5.3.
|
7 |
|
8 |
The most powerful access management plugin for WordPress websites.
|
9 |
|
@@ -66,6 +66,13 @@ https://www.youtube.com/watch?v=yiOhjaacNJc
|
|
66 |
|
67 |
== Changelog ==
|
68 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
69 |
= 5.3.4 =
|
70 |
* Fixed incompatibility issue with plugins that use "plugins_loaded" hook for post manipulations
|
71 |
* Fixed the bug with AAM_Api_Rest_Resource_User
|
3 |
Tags: access, role, user, capability, page access, post access, content access, comments, security, login redirect, membership, backend lockdown, wp-admin, 404, rest api, xml rpc
|
4 |
Requires at least: 4.0
|
5 |
Tested up to: 4.9.6
|
6 |
+
Stable tag: 5.3.5
|
7 |
|
8 |
The most powerful access management plugin for WordPress websites.
|
9 |
|
66 |
|
67 |
== Changelog ==
|
68 |
|
69 |
+
= 5.3.5 =
|
70 |
+
* Fixed bug with post LIST & LIST TO OTHERS when access is set to term in odd order
|
71 |
+
* Fixed bug that potentially did not filter posts during search
|
72 |
+
* Added notification to the UI that extension folder does not exist or is not writable
|
73 |
+
* Added XML-RPC endpoint control
|
74 |
+
* Added ability to filter list of users by roles on the Users/Roles Manager panel
|
75 |
+
|
76 |
= 5.3.4 =
|
77 |
* Fixed incompatibility issue with plugins that use "plugins_loaded" hook for post manipulations
|
78 |
* Fixed the bug with AAM_Api_Rest_Resource_User
|