Advanced Access Manager - Version 5.7.1

Version Description

  • Fixed the bug with AAM notifications related to extension updates
  • Fixed the bug with AAM not taking into consideration capabilities that are defined in policy
  • Improved the way show_admin_bar capability is handled
  • Added ability to define Conditions to the Statement Policy document

Release Info

Developer vasyltech
Version 5.7.1

Code changes from version 5.7 to 5.7.1

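--- a/Application/Backend/Feature/Main/Capability.php
+++ b/Application/Backend/Feature/Main/Capability.php
@@ -253,12 +253,14 @@ class AAM_Backend_Feature_Main_Capability extends AAM_Backend_Feature_Abstract {
  $caps = AAM_Core_API::getAllCapabilities();
 
  foreach (array_keys($caps) as $cap) {
- $response[] = array(
- $cap,
- $this->getGroup($cap),
- $cap,
- $this->prepareActionList($cap)
- );
+ if (AAM::api()->isAllowed("Capability:{$cap}", 'AAM:list') !== false) {
+ $response[] = array(
+ $cap,
+ $this->getGroup($cap),
+ $cap,
+ $this->prepareActionList($cap)
+ );
+ }
  }
 
  return $response;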
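Review bot: The new `AAM:list` check only filters rows out of the returned table, so a capability hidden here stays reachable through any other handler in this class that takes a capability name from the request, unless those handlers make the same `isAllowed()` call; none of them are visible in this hunk. If `$response` is not initialised above the hunk, a policy that hides every capability now leaves it undefined at `return $response;`, so `$response = array();` before the loop would be safer. The enclosing method starts and ends outside the hunk.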
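--- a/Application/Backend/Feature/Main/Policy.php
+++ b/Application/Backend/Feature/Main/Policy.php
@@ -23,26 +23,6 @@ class AAM_Backend_Feature_Main_Policy extends AAM_Backend_Feature_Abstract {
  return wp_json_encode($this->retrievePolicies());
  }
 
- /**
- *
- * @return type
- */
- public function deletePolicy() {
- $id = filter_input(INPUT_POST, 'id');
-
- $policies = AAM_Core_API::getOption('aam-policy-list', array(), 'site');
-
- if (isset($policies[$id])) {
- unset($policies[$id]);
- }
-
- AAM_Core_API::updateOption('aam-policy-list', $policies, 'site');
-
- AAM_Core_API::clearCache();
-
- return wp_json_encode(array('status' => 'success'));
- }
-
  /**
  * Save post properties
  *
@@ -51,16 +31,18 @@ class AAM_Backend_Feature_Main_Policy extends AAM_Backend_Feature_Abstract {
  * @access public
  */
  public function save() {
- $subject = AAM_Backend_Subject::getInstance();
+ if (defined('AAM_PLUS_PACKAGE')) {
+ $subject = AAM_Backend_Subject::getInstance();
+ $id = AAM_Core_Request::post('id');
+ $effect = AAM_Core_Request::post('effect');
 
+ //clear cache
+ AAM_Core_API::clearCache();
 
- $id = AAM_Core_Request::post('id');
- $effect = AAM_Core_Request::post('effect');
-
- //clear cache
- AAM_Core_API::clearCache();
-
- $result = $subject->save($id, $effect, 'policy');
+ $result = $subject->save($id, $effect, 'policy');
+ } else {
+ $result = false;
+ }
 
  return wp_json_encode(array(
  'status' => ($result ? 'success' : 'failure')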
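Review bot: `save()` now refuses every request when `AAM_PLUS_PACKAGE` is undefined, while the matching change in `policy.phtml` still renders the policy table for any subject other than the default one, so the two gates disagree; if this endpoint serves those subjects too, both sides should use the same condition, ideally through one shared helper. The values read with `AAM_Core_Request::post('id')` and `post('effect')` reach `$subject->save()` unvalidated in the visible lines; `(int) $id` and restricting `$effect` to the expected values would keep unexpected input out of the stored policy option. No capability or nonce check is visible in this method; presumably the AJAX dispatcher performs one, which is worth confirming. The method's closing lines are outside the hunk.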
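--- a/Application/Backend/Manager.php
+++ b/Application/Backend/Manager.php
@@ -545,6 +545,10 @@ EOT;
  }
  }
 
+ /**
+ *
+ * @global WP_Post $post
+ */
  public function renderPolicyPrincipalMetabox() {
  global $post;
 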
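--- a/Application/Backend/phtml/main/policy.phtml
+++ b/Application/Backend/phtml/main/policy.phtml
@@ -1,36 +1,46 @@
  <?php if (defined('AAM_KEY')) { ?>
  <div class="aam-feature" id="policy-content">
- <div class="row">
- <div class="col-xs-12">
- <p class="aam-info">
- <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('Manage access and security policies for [%s]. For more information check %sAccess &amp; Security Policy%s page.', 'b'), AAM_Backend_Subject::getInstance()->getName(), '<a href="https://aamplugin.com/access-and-security-policy" target="_blank">', '</a>'); ?>
- </p>
+ <?php if (defined('AAM_PLUS_PACKAGE') || AAM_Backend_Subject::getInstance()->getUID() != AAM_Core_Subject_Default::UID) { ?>
+ <div class="row">
+ <div class="col-xs-12">
+ <p class="aam-info">
+ <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('Manage access and security policies for [%s]. For more information check %sAccess &amp; Security Policy%s page.', 'b'), AAM_Backend_Subject::getInstance()->getName(), '<a href="https://aamplugin.com/access-and-security-policy" target="_blank">', '</a>'); ?>
+ </p>
+ </div>
+ </div>
+
+ <div class="row">
+ <div class="col-xs-12">
+ <div class="aam-overwrite" id="aam-policy-overwrite" style="display: <?php echo ($this->isOverwritten() ? 'block' : 'none'); ?>">
+ <span><i class="icon-check"></i> <?php echo __('Policies are customized', AAM_KEY); ?></span>
+ <span><a href="#" id="policy-reset" class="btn btn-xs btn-primary"><?php echo __('Reset To Default', AAM_KEY); ?></a>
+ </div>
+ </div>
  </div>
- </div>
-
- <div class="row">
- <div class="col-xs-12">
- <div class="aam-overwrite" id="aam-policy-overwrite" style="display: <?php echo ($this->isOverwritten() ? 'block' : 'none'); ?>">
- <span><i class="icon-check"></i> <?php echo __('Policies are customized', AAM_KEY); ?></span>
- <span><a href="#" id="policy-reset" class="btn btn-xs btn-primary"><?php echo __('Reset To Default', AAM_KEY); ?></a>
+
+ <div class="row">
+ <div class="col-xs-12">
+ <table id="policy-list" class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th>ID</th>
+ <th width="80%"><?php echo __('Policy', AAM_KEY); ?></th>
+ <th><?php echo __('Actions', AAM_KEY); ?></th>
+ <th>Edit Link</th>
+ </tr>
+ </thead>
+ <tbody></tbody>
+ </table>
  </div>
  </div>
- </div>
-
- <div class="row">
- <div class="col-xs-12">
- <table id="policy-list" class="table table-striped table-bordered">
- <thead>
- <tr>
- <th>ID</th>
- <th width="80%"><?php echo __('Policy', AAM_KEY); ?></th>
- <th><?php echo __('Actions', AAM_KEY); ?></th>
- <th>Edit Link</th>
- </tr>
- </thead>
- <tbody></tbody>
- </table>
+ <?php } else { ?>
+ <div class="row">
+ <div class="col-xs-12">
+ <p class="aam-notification">
+ <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('%s[AAM Plus Package]%s extension is required in order to apply Access &amp; Security Policies to everybody all together.', 'b'), '<a href="https://aamplugin.com/extension/plus-package" target="_blank">', '</a>'); ?>
+ </p>
+ </div>
  </div>
- </div>
+ <?php } ?>
  </div>
  <?php }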
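Review bot: The condition added on new line 3 compares the subject UID with `!=`, which leaves PHP type juggling to decide whether the policy UI is rendered; `AAM_Backend_Subject::getInstance()->getUID() !== AAM_Core_Subject_Default::UID` states the intent exactly. The translated strings are echoed through `__()` without escaping, so `esc_html__('Policies are customized', AAM_KEY)` and its siblings would be the safer form, and the new `target="_blank"` link should carry `rel="noopener noreferrer"`. This template check only hides markup, so the server-side handlers need to enforce the same rule.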
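--- a/Application/Core/API.php
+++ b/Application/Core/API.php
@@ -240,7 +240,10 @@ final class AAM_Core_API {
  public static function capabilityExists($cap) {
  $caps = self::getAllCapabilities();
 
- return (is_string($cap) && array_key_exists($cap, $caps) ? true : false);
+ $exists = array_key_exists($cap, $caps) ? true : false;
+ $policy = (AAM::api()->isAllowed("Capability:{$cap}") !== null);
+
+ return (is_string($cap) && ($exists || $policy));
  }
 
  /**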
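Review bot: `array_key_exists($cap, $caps)` and the `"Capability:{$cap}"` interpolation now run before the `is_string($cap)` test, which the old one-liner evaluated first, so a non-string argument reaches both expressions and raises a warning or a `TypeError` (depending on the PHP version) instead of simply returning false. Put the guard first, `if (!is_string($cap)) { return false; }`, and compute `$exists` and `$policy` after it. The `!== null` test also counts an explicit deny statement as "exists"; if that is intended, a one-line comment saying so would help the next reader.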
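--- a/Application/Core/Gateway.php
+++ b/Application/Core/Gateway.php
@@ -205,10 +205,10 @@ final class AAM_Core_Gateway {
  // If merging preference is "deny" and at least one of the access
  // settings is checked, then final merged array will have it set
  // to checked
- if ($preference === 'deny' && !empty($options[$key])) {
+ if (in_array($preference, array('deny', 'apply'), true) && !empty($options[$key])) {
  $merged[$key] = $options[$key];
  break;
- } elseif ($preference === 'allow' && empty($options[$key])) {
+ } elseif (in_array($preference, array('allow', 'deprive'), true) && empty($options[$key])) {
  $merged[$key] = 0;
  break;
  } elseif (isset($options[$key])) {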
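Review bot: The comment above the condition still describes only the "deny" preference, while the `if` now also fires for `'apply'` and the `elseif` for `'deprive'`; it should say what each pair means, for example `// "deny"/"apply": any checked setting wins; "allow"/"deprive": any unchecked setting wins`. A preference string outside these four falls through to the `isset()` branch with no signal, so a typo in a caller would silently change how access settings are merged. The enclosing loop starts and ends outside the hunk.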
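--- a/Application/Core/Object/Policy.php
+++ b/Application/Core/Object/Policy.php
@@ -56,16 +56,33 @@ class AAM_Core_Object_Policy extends AAM_Core_Object {
  *
  */
  public function load() {
- $resources = AAM::api()->getUser()->getObject('cache')->get('policy', 0, null);
+ $resources = array();
+
+ foreach($this->loadStatements() as $statement) {
+ if (isset($statement['Resource']) && $this->applicable($statement)) {
+ $this->evaluateStatement($statement, $resources);
+ }
+ }
 
- if (is_null($resources)) {
+ $this->resources = $resources;
+ }
+
+ /**
+ *
+ * @return type
+ */
+ protected function loadStatements() {
+ $cache = AAM::api()->getUser()->getObject('cache');
+ $statements = $cache->get('policyStatements', 0, null);
+
+ // Step #1. Extract all statements
+ if (is_null($statements)) {
  $statements = array();
 
- // Step #1. Extract all statements
  foreach($this->getOption() as $id => $effect) {
  if ($effect) {
  $policy = get_post($id);
-
+
  if (is_a($policy, 'WP_Post')) {
  $obj = json_decode($policy->post_content, true);
  if (json_last_error() === JSON_ERROR_NONE) {
@@ -76,40 +93,426 @@ class AAM_Core_Object_Policy extends AAM_Core_Object {
  }
  }
  }
+ $cache->add('policyStatements', 0, $statements);
+ }
+
+ return $statements;
+ }
+
+ /**
+ *
+ * @param type $statement
+ * @param type $resources
+ */
+ protected function evaluateStatement($statement, &$resources) {
+ $actions = (array)(!empty($statement['Action']) ? $statement['Action'] : '');
 
- // Step #2. Merge all statements
- $resources = array();
+ foreach((array)$statement['Resource'] as $resource) {
+ foreach($actions as $action) {
+ $id = strtolower($resource . (!empty($action) ? ":{$action}" : ''));
 
- foreach($statements as $statement) {
- if (isset($statement['Resource'])) {
- $actions = (array)(!empty($statement['Action']) ? $statement['Action'] : '');
+ // Add new statement
+ if (!isset($resources[$id])) {
+ $resources[$id] = $statement;
+ // Merge statement unless the first one is marked as Enforced
+ } elseif (empty($resources[$id]['Enforce'])) {
+ $resources[$id] = $this->mergeStatements(
+ $resources[$id], $statement
+ );
+ }
+
+ $this->normalizeResource($resources, $id);
+ }
+ }
+ }
+
+ /**
+ *
+ * @param type $resources
+ * @param type $id
+ */
+ protected function normalizeResource(&$resources, $id) {
+ // cleanup fields
+ foreach(array('Resource', 'Action', 'Condition') as $field) {
+ if (isset($resources[$id][$field])) {
+ unset($resources[$id][$field]);
+ }
+ }
+ }
+
+ /**
+ *
+ * @param type $statement
+ * @return boolean
+ */
+ protected function applicable($statement) {
+ $result = true;
+
+ if (!empty($statement['Condition']) && !is_scalar($statement['Condition'])) {
+ foreach($statement['Condition'] as $type => $conditions) {
+ switch(strtolower($type)) {
+ case 'between':
+ $result = $result && $this->evaluateBetweenConditions($conditions);
+ break;
 
- foreach((array) $statement['Resource'] as $resource) {
- foreach($actions as $action) {
- $id = strtolower(
- $resource . (!empty($action) ? ":{$action}" : '')
- );
-
- if (!isset($resources[$id])) {
- $resources[$id] = $statement;
- } elseif (empty($resources[$id]['Enforce'])) {
- $resources[$id] = $this->mergeStatements(
- $resources[$id], $statement
- );
- }
-
- // cleanup
- if (isset($resources[$id]['Resource'])) { unset($resources[$id]['Resource']); }
- if (isset($resources[$id]['Action'])) { unset($resources[$id]['Action']); }
- }
- }
+ case 'equals':
+ $result = $result && $this->evaluateEqualsConditions($conditions);
+ break;
+
+ case 'notequals':
+ $result = $result && $this->evaluateNotEqualsConditions($conditions);
+ break;
+
+ case 'greater':
+ $result = $result && $this->evaluateGreaterConditions($conditions);
+ break;
+
+ case 'less':
+ $result = $result && $this->evaluateLessConditions($conditions);
+ break;
+
+ case 'greaterorequals':
+ $result = $result && $this->evaluateGreaterOrEqualsConditions($conditions);
+ break;
+
+ case 'lessorequals':
+ $result = $result && $this->evaluateLessOrEqualsConditions($conditions);
+ break;
+
+ case 'in':
+ $result = $result && $this->evaluateInConditions($conditions);
+ break;
+
+ case 'notin':
+ $result = $result && $this->evaluateNotInConditions($conditions);
+ break;
+
+ case 'like':
+ $result = $result && $this->evaluateLikeConditions($conditions);
+ break;
+
+ case 'notlike':
+ $result = $result && $this->evaluateNotLikeConditions($conditions);
+ break;
+
+ case 'regex':
+ $result = $result && $this->evaluateRegexConditions($conditions);
+ break;
+
+ default:
+ $result = $result && apply_filters('aam-statement-conditions-filter', false, $conditions);
+ break;
  }
  }
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateBetweenConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ foreach((array)$right as $subset) {
+ $min = (is_array($subset) ? array_shift($subset) : $subset);
+ $max = (is_array($subset) ? end($subset) : $subset);
+
+ $result = $result || ($left >= $min && $left <= $max);
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateEqualsConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || ($left === $right);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateNotEqualsConditions($conditions) {
+ return !$this->evaluateEqualsConditions($conditions);
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateGreaterConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || ($left > $right);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateLessConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || ($left < $right);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateGreaterOrEqualsConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || ($left >= $right);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateLessOrEqualsConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || ($left <= $right);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateInConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || in_array($left, (array) $right, true);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateNotInConditions($conditions) {
+ return !$this->evaluateInConditions($conditions);
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateLikeConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ foreach((array)$right as $el) {
+ $result = $result || preg_match('@^' . str_replace('\*', '.*', preg_quote($el)) . '$@', $left);
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateNotLikeConditions($conditions) {
+ return !$this->evaluateLikeConditions($conditions);
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return type
+ */
+ protected function evaluateRegexConditions($conditions) {
+ $result = false;
+
+ foreach($this->prepareConditions($conditions) as $left => $right) {
+ $result = $result || preg_match($right, $left);
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $conditions
+ * @return array
+ */
+ protected function prepareConditions($conditions) {
+ $result = array();
+
+ if (is_array($conditions)) {
+ foreach($conditions as $left => $right) {
+ $left = $this->parseTokens($left);
+ $right = $this->parseTokens($right);
+
+ $result[$left] = $right;
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ *
+ * @param type $chunk
+ * @return boolean
+ */
+ protected function parseTokens($chunk) {
+ if (is_scalar($chunk)) {
+ if (preg_match_all('/(\$\{[^}]+\})/', $chunk, $match)) {
+ $chunk = $this->replaceTokens($chunk, $match[1]);
+ }
+ } elseif (is_array($chunk) || is_object($chunk)) {
+ foreach($chunk as &$value) {
+ $value = $this->parseTokens($value);
+ }
+ } else {
+ $chunk = false;
+ }
+
+ return $chunk;
+ }
+
+ /**
+ *
+ * @param type $str
+ * @param type $tokens
+ * @return type
+ */
+ protected function replaceTokens($str, $tokens) {
+ foreach($tokens as $token) {
+ $str = str_replace(
+ $token,
+ $this->evaluateToken(
+ preg_replace('/^\$\{([^}]+)\}$/', '${1}', $token)
+ ),
+ $str
+ );
+ }
+
+ return $str;
+ }
+
+ /**
+ *
+ * @param type $token
+ * @param type $value
+ */
+ protected function evaluateToken($token, $value = null) {
+ $parts = explode('.', $token);
+
+ switch($parts[0]) {
+ case 'USER':
+ $value = $this->getUserValue($parts[1], $value);
+ break;
+
+ case 'DATETIME':
+ $value = $this->getDateTimeValue($parts[1], $value);
+ break;
+
+ case 'GET':
+ $value = AAM_Core_Request::get($parts[1], $value);
+ break;
+
+ case 'POST':
+ $value = AAM_Core_Request::post($parts[1], $value);
+ break;
 
- AAM::api()->getUser()->getObject('cache')->add('policy', 0, $resources);
+ case 'COOKIE':
+ $value = AAM_Core_Request::cookie($parts[1], $value);
+ break;
+
+ case 'CALLBACK':
+ $value = (is_callable($parts[1]) ? call_user_func($parts[1]) : $value);
+ break;
+
+ default:
+ $value = apply_filters('aam-evaluate-token-filter', $value, $parts[1]);
+ break;
  }
 
- $this->resources = $resources;
+ return $value;
+ }
+
+ /**
+ *
+ * @param type $prop
+ * @param type $value
+ * @return type
+ */
+ protected function getUserValue($prop, $value = null) {
+ $user = AAM::api()->getUser();
+
+ switch($prop) {
+ case 'IPAddress':
+ $value = AAM_Core_Request::server('REMOTE_IP');
+ break;
+
+ case 'Authenticated':
+ $value = $user->isVisitor() ? false : true;
+ break;
+
+ default:
+ $value = $user->{$prop};
+ break;
+ }
+
+ return $value;
+ }
+
+ /**
+ *
+ * @param type $prop
+ * @return type
+ */
+ protected function getDateTimeValue($prop) {
+ return date($prop);
  }
 
  /**
@@ -220,17 +623,12 @@ class AAM_Core_Object_Policy extends AAM_Core_Object {
  }
 
  /**
- * Reset default settings
  *
- * @return bool
- *
- * @access public
+ * @param type $external
+ * @return type
  */
- public function reset() {
- //clear cache
- AAM_Core_API::clearCache();
-
- return $this->getSubject()->deleteOption('policy');
+ public function mergeOption($external) {
+ return AAM::api()->mergeSettings($external, $this->getOption(), 'policy');
  }
-
+
  }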
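Review bot: The condition evaluator added in the second hunk has several places where a malformed pattern or a missing value silently changes the access decision. `evaluateLikeConditions()` calls `preg_quote($el)` without the `@` delimiter, so a value containing `@` (an e-mail address, for example) yields an invalid pattern, `preg_match()` returns false, and `evaluateNotLikeConditions()` turns that failure into a match; use `preg_quote($el, '@')` and treat a `false` return as an error rather than "no match". `getUserValue()` reads `AAM_Core_Request::server('REMOTE_IP')`, which is not a standard `$_SERVER` key (`REMOTE_ADDR` is), so unless the helper maps it, `${USER.IPAddress}` conditions never see the client address. The `CALLBACK` token passes a name taken from the policy document to `call_user_func()`, and `evaluateRegexConditions()` hands a policy-supplied pattern to `preg_match()`; both deserve an allow-list, since whoever can edit a policy post controls them. `evaluateToken()` also reads `$parts[1]` without checking that the token contains a dot.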
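--- a/Application/Core/Subject.php
+++ b/Application/Core/Subject.php
@@ -299,6 +299,8 @@ abstract class AAM_Core_Subject {
  * @access public
  */
  public function resetObject($object) {
+ AAM_Core_API::clearCache();
+
  return $this->deleteOption($object);
  }
 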
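--- a/Application/Core/Subject/User.php
+++ b/Application/Core/Subject/User.php
@@ -270,7 +270,7 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
  if ($object === 'capability') {
  $result = delete_user_option($this->getId(), self::AAM_CAPKEY);
  } else {
- $result = $this->deleteOption($object);
+ $result = parent::resetObject($object);
  }
 
  return $result;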
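Review bot: Only the `else` branch now goes through `parent::resetObject()` and with it the `AAM_Core_API::clearCache()` call that this release adds in `Application/Core/Subject.php`; the `'capability'` branch still calls `delete_user_option()` directly, so a capability reset may leave cached access data in place. If the cache can hold capability-derived results, call `AAM_Core_API::clearCache();` before the `if`. The method starts outside the hunk.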
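--- a/Application/Extension/Repository.php
+++ b/Application/Extension/Repository.php
@@ -143,13 +143,15 @@ class AAM_Extension_Repository {
  $load = $status && $version;
 
  if (!$version) {
- AAM_Core_Console::add(AAM_Backend_View_Helper::preparePhrase(
- sprintf(
- __('[%s] was not loaded. Update extension to the latest version.', AAM_KEY),
- $list[$conf['id']]['title']
- ),
- 'b'
- ));
+ if (!empty($list[$conf['id']]['title'])) { // Any custom extensions
+ AAM_Core_Console::add(AAM_Backend_View_Helper::preparePhrase(
+ sprintf(
+ __('[%s] was not loaded. Update extension to the latest version.', AAM_KEY),
+ $list[$conf['id']]['title']
+ ),
+ 'b'
+ ));
+ }
  }
  } else { // TODO - Remove May 2019
  AAM_Core_Console::add(AAM_Backend_View_Helper::preparePhrase(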
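Review bot: With the new `!empty($list[$conf['id']]['title'])` guard, an extension that fails the version check and has no title in `$list` gets no console message at all, although `$load` is already false for it at that point. For an access-control plugin, an extension that quietly stops loading can mean rules that quietly stop applying, so a fallback notice naming `$conf['id']` would keep the operator informed. The trailing comment `// Any custom extensions` would be clearer as `// skip the notice for extensions missing from the repository list`.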
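--- a/Application/Frontend/Manager.php
+++ b/Application/Frontend/Manager.php
@@ -85,7 +85,7 @@ class AAM_Frontend_Manager {
  public function checkAdminBar() {
  if (AAM_Core_API::capabilityExists('show_admin_bar')) {
  if (!AAM::getUser()->hasCapability('show_admin_bar')) {
- show_admin_bar(false);
+ add_filter('show_admin_bar', '__return_false', PHP_INT_MAX );
  }
  }
  }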
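--- a/Application/Shared/Manager.php
+++ b/Application/Shared/Manager.php
@@ -439,8 +439,10 @@ class AAM_Shared_Manager {
  $uid = (isset($args[2]) && is_numeric($args[2]) ? $args[2] : 0);
 
  // Apply policy first
- if (AAM::api()->isAllowed("Capability:{$capability}") === true) {
- $caps = $this->updateCapabilities($caps, $meta, true);
+ $effect = AAM::api()->isAllowed("Capability:{$capability}");
+
+ if ($effect !== null) {
+ $caps = $this->updateCapabilities($caps, $meta, $effect);
  }
 
  switch($capability) {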
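Review bot: The result of `isAllowed()` is now passed straight through as the third argument of `updateCapabilities()`, where the old code passed a literal `true`; if `isAllowed()` can return anything other than a strict boolean or null, that value now decides the grant. `$this->updateCapabilities($caps, $meta, $effect === true)` keeps the argument boolean. The comment `// Apply policy first` should also say that an explicit deny is now applied here, and whether the `switch` that follows may override it, which is not visible in this hunk.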
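--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  Plugin Name: Advanced Access Manager
  Description: All you need to manage access to your WordPress website
- Version: 5.7
+ Version: 5.7.1
  Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  Author URI: https://vasyltech.com
 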
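--- a/media/js/aam-5.7.js
+++ b/media/js/aam-5.7.js
@@ -1329,6 +1329,25 @@
  * @returns {void}
  */
  (function ($) {
+
+ /**
+ *
+ * @param {type} subject
+ * @param {type} id
+ * @param {type} effect
+ * @param {type} btn
+ * @returns {undefined}
+ */
+ function save(subject, id, effect, btn) {
+ $('#aam-policy-overwrite').show();
+
+ applyPolicy(subject, id, effect, btn);
+ }
+
+ /**
+ *
+ * @returns {undefined}
+ */
  function initialize() {
  var container = '#policy-content';
 
@@ -1377,7 +1396,7 @@
  $(container).append($('<i/>', {
  'class': 'aam-row-action text-muted icon-check-empty'
  }).bind('click', function () {
- applyPolicy({
+ save({
  type: getAAM().getSubject().type,
  id: getAAM().getSubject().id
  }, data[0], 1, this);
@@ -1391,7 +1410,7 @@
  $(container).append($('<i/>', {
  'class': 'aam-row-action text-success icon-check'
  }).bind('click', function () {
- applyPolicy({
+ save({
  type: getAAM().getSubject().type,
  id: getAAM().getSubject().id
  }, data[0], 0, this);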
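Review bot: The new `save()` helper shows `#aam-policy-overwrite` before `applyPolicy()` has run, so the "Policies are customized" banner appears even when the request fails or the server rejects it, and the admin then sees a state that was never stored. Showing the banner from the success path of `applyPolicy()` would keep the UI in step with the saved policy; `applyPolicy()` itself is defined outside these hunks. The generated docblock placeholders could be replaced with real types, for example `@param {Object} subject`, `@param {number} id`, `@param {number} effect` and `@param {HTMLElement} btn`.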
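--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
  === Advanced Access Manager ===
- Contributors: vasyltech,noelalvarez
+ Contributors: vasyltech
  Tags: access control, membership, backend menu, user role, restricted content
  Requires at least: 4.0
  Tested up to: 4.9.8
- Stable tag: 5.7
+ Stable tag: 5.7.1
 
  All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
 
@@ -76,6 +76,12 @@ https://www.youtube.com/watch?v=mj5Xa_Wc16Y
 
  == Changelog ==
 
+ = 5.7.1 =
+ * Fixed the bug with AAM notifications related to extension updates
+ * Fixed the bug with AAM not taking in consideration capabilities that defined in policy
+ * Improved the way show_admin_bar capability is handled
+ * Added ability to define Conditions to the Statement Policy document
+
  = 5.7 =
  * Added a huge innovation to the access control management - Access & Security Policy
  * Fixed the bug with updating extension versions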