Advanced Access Manager - Version 5.9.1.1

Version Description

  • Fixed the bug with saving Metaboxes & Widgets settings
  • Fixed the bug with saving Access Policy that has backward slashes in it
  • Fixed the bug with fetching Param values from the Access Policies
  • Fixed the bug with Access Policy resource "Role" when Effect is set to "deny"
  • Adjusted AAM core to prevent PHP warning when edit_user or delete_user capability is checked without user ID provided (caused by other plugins)

Release Info

Developer vasyltech
Version 5.9.1.1

Code changes from version 5.9.1 to 5.9.1.1

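--- a/Application/Backend/Feature/Main/Metabox.php
+++ b/Application/Backend/Feature/Main/Metabox.php
@@ -38,11 +38,9 @@ class AAM_Backend_Feature_Main_Metabox extends AAM_Backend_Feature_Abstract {
  $object = AAM_Backend_Subject::getInstance()->getObject('metabox');
 
  foreach($items as $item) {
- $object->updateOptionItem($item, $status);
+ $object->save($item, $status);
  }
 
- $object->save();
-
  return wp_json_encode(array('status' => 'success'));
  }
 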
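Review bot: The handler returns `array('status' => 'success')` unconditionally, so a failed `$object->save($item, $status)` inside the loop is still reported to the admin UI as saved. For an access-control setting that is worth surfacing: track the outcome, e.g. `$ok = $object->save($item, $status) && $ok;`, and return a failure status when any item was not persisted. This assumes `save()` returns a boolean, which is not visible here. The enclosing method and the origin of `$items` and `$status` are outside the hunk.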
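--- a/Application/Backend/Feature/Main/Policy.php
+++ b/Application/Backend/Feature/Main/Policy.php
@@ -39,11 +39,11 @@ class AAM_Backend_Feature_Main_Policy extends AAM_Backend_Feature_Abstract {
 
  $result = wp_insert_post(array(
  'post_author' => get_current_user_id(),
- 'post_content' => $json,
- 'post_title' => $package->title,
- 'post_excerpt' => $package->description,
- 'post_status' => 'publish',
- 'post_type' => 'aam_policy'
+ 'post_content' => $json,
+ 'post_title' => $package->title,
+ 'post_excerpt' => $package->description,
+ 'post_status' => 'publish',
+ 'post_type' => 'aam_policy'
  ));
 
  if (!is_wp_error($result)) {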
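--- a/Application/Backend/Manager.php
+++ b/Application/Backend/Manager.php
@@ -230,7 +230,7 @@ class AAM_Backend_Manager {
  $content = trim(filter_input(INPUT_POST, 'aam-policy'));
 
  if (!empty($content)) { // Edit form was submitted
- $data['post_content'] = $content;
+ $data['post_content'] = addslashes($content);
  }
 
  if (empty($data['post_content'])) {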
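Review bot: `addslashes($content)` hand-rolls the slashing WordPress expects on post data; `$data['post_content'] = wp_slash($content);` is the core helper for this and makes the intent (the value is unslashed again before it is stored) explicit. The policy text is taken straight from `filter_input(INPUT_POST, 'aam-policy')` and assigned to `post_content` with no visible check that it decodes as JSON, so a malformed policy is only rejected, if at all, outside this hunk; a `json_decode()` check before the assignment would keep an unparsable access policy from being saved silently. The `wp_insert_post()` call in Application/Backend/Feature/Main/Policy.php still passes `$json` unslashed and presumably loses backslashes the same way. The enclosing method starts and ends outside the hunk.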
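--- a/Application/Core/Policy/Manager.php
+++ b/Application/Core/Policy/Manager.php
@@ -169,10 +169,9 @@ final class AAM_Core_Policy_Manager {
  *
  * @access public
  */
- public function getParam($name, $args = array()) {
+ public function getParam($id, $args = array()) {
  $value = null;
- $id = strtolower($name);
-
+
  if (isset($this->tree['Param'][$id])) {
  $param = $this->tree['Param'][$id];
 
@@ -310,10 +309,10 @@ final class AAM_Core_Policy_Manager {
  // Step #1. If there are any statements, let's index them by resource:action
  // and insert into the list of statements
  foreach($addition['Statement'] as $stm) {
- $ress = (isset($stm['Resource']) ? (array) $stm['Resource'] : array());
+ $list = (isset($stm['Resource']) ? (array) $stm['Resource'] : array());
  $acts = (isset($stm['Action']) ? (array) $stm['Action'] : array(''));
 
- foreach($ress as $res) {
+ foreach($list as $res) {
  foreach($acts as $act) {
  $id = strtolower($res . (!empty($act) ? ":{$act}" : ''));
 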
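Review bot: `getParam()` no longer lowercases its key, so the `Param` lookup is now case-sensitive, while the statement index in the second hunk is still built with `strtolower()`; nothing in the visible docblock documents that difference. Add a docblock line such as `Param keys are matched exactly as written in the policy (case-sensitive)`, and check that the `@param` tag above, which lies outside the hunk, is renamed from `$name` to `$id`. How the `Param` keys are stored in `$this->tree` is not visible here, so confirm they are not lowercased on load, otherwise mixed-case lookups will silently return null.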
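--- a/Application/Core/Subject/User.php
+++ b/Application/Core/Subject/User.php
@@ -118,15 +118,39 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
  }
  }
 
- $subject->roles = $roles;
-
  //reset the user capabilities
  $subject->allcaps = array_merge($subject->allcaps, $roleCaps, $policyCaps, $this->aamCaps);
- $subject->caps = array_merge($subject->caps, $roleCaps, $policyCaps, $this->aamCaps);
+ $subject->caps = array_merge($subject->caps, $this->aamCaps);
 
  //make sure that no capabilities are going outside of define boundary
  $subject->allcaps = $this->applyCapabilityBoundaries($manager, $subject->allcaps);
  $subject->caps = $this->applyCapabilityBoundaries($manager, $subject->caps);
+
+ // also delete all capabilities that are assigned to denied role ONLY
+ // $diff contains the list of roles that were denied for user
+ $diff = array_diff_key( $subject->roles, $roles);
+
+ // prepare the list of capabilities that potentially should be removed from
+ // user
+ $removeCaps = array();
+ foreach($diff as $role) {
+ $removeCaps = array_merge($removeCaps, $allRoles->get_role($role)->capabilities);
+ }
+
+ // prepare the list of capabilities that should still be assigned to user
+ $keepCaps = array();
+ foreach($roles as $role) {
+ $keepCaps = array_merge($keepCaps, $allRoles->get_role($role)->capabilities);
+ }
+
+ foreach(array_keys($removeCaps) as $key) {
+ if (!array_key_exists($key, $keepCaps)) {
+ unset($subject->allcaps[$key]);
+ if (isset($subject->caps[$key])) { unset($subject->caps[$key]); }
+ }
+ }
+
+ $subject->roles = $roles;
  }
 
  /**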
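Review bot: Both new loops dereference `$allRoles->get_role($role)->capabilities` without checking the result; if `$allRoles` is a `WP_Roles` instance, `get_role()` returns null for a slug that is no longer registered. With such a stale role on the user, `$removeCaps` or `$keepCaps` stops being a usable array and, depending on the PHP version, the removal loop either strips nothing or aborts, so the denied role's capabilities can remain in `allcaps` and the deny fails open. Guard each lookup, e.g. `$r = $allRoles->get_role($role); if ($r !== null) { $removeCaps = array_merge($removeCaps, $r->capabilities); }`. Separately, `array_diff_key($subject->roles, $roles)` compares array keys rather than role slugs, so it only yields the denied roles if `$roles` keeps the original keys of `$subject->roles`. `$roles` and `$allRoles` are built outside the hunk, so confirm that or switch to `array_diff()`.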
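--- a/Application/Extension/List.php
+++ b/Application/Extension/List.php
@@ -22,7 +22,7 @@ class AAM_Extension_List {
  'description' => 'Get the complete list of all premium AAM extensions in one package and all future premium extensions already included for now additional cost.',
  'url' => 'https://aamplugin.com/complete-package',
  'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null),
- 'latest' => '3.8.16'
+ 'latest' => '3.8.17'
  ),
  'AAM_PLUS_PACKAGE' => array(
  'title' => 'Plus Package',
@@ -31,7 +31,7 @@ class AAM_Extension_List {
  'description' => 'Manage access to your WordPress website posts, pages, media, custom post types, categories and hierarchical taxonomies for any role, individual user, visitors or even define default access for everybody; and do this separately for frontend, backend or API levels. As the bonus, define more granular access to how comments can be managed on the backend by other users.',
  'url' => 'https://aamplugin.com/extension/plus-package',
  'version' => (defined('AAM_PLUS_PACKAGE') ? constant('AAM_PLUS_PACKAGE') : null),
- 'latest' => '3.9.4'
+ 'latest' => '3.9.5'
  ),
  'AAM_IP_CHECK' => array(
  'title' => 'IP Check',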
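--- a/Application/Shared/Manager.php
+++ b/Application/Shared/Manager.php
@@ -448,7 +448,9 @@ class AAM_Shared_Manager {
  switch($cap) {
  case 'edit_user':
  case 'delete_user':
- $caps = $this->authorizeUserUpdate($caps, $args[0]);
+ if (isset($args[0])) {
+ $caps = $this->authorizeUserUpdate($caps, $args[0]);
+ }
  break;
 
  case 'install_plugins':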
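Review bot: When `$args[0]` is absent, the new guard skips `authorizeUserUpdate()` and passes `$caps` through unchanged, so AAM's per-user restriction is not applied to those calls and the decision falls back to whatever the incoming `$caps` already required. That is a fail-open default on an authorization path. If it is intended, say so with a comment such as `// No target user supplied: leave $caps untouched and defer to the incoming mapping`; otherwise add an `else` branch that appends a denying capability (WordPress's own convention is `do_not_allow`). `isset()` also accepts any non-null value, so a non-numeric `$args[0]` still reaches `authorizeUserUpdate()`; whether that method validates the ID is not visible here. The enclosing method starts and ends outside the hunk.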
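--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  Plugin Name: Advanced Access Manager
  Description: All you need to manage access to your WordPress website
- Version: 5.9.1
+ Version: 5.9.1.1
  Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  Author URI: https://vasyltech.com
 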
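--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: vasyltech
  Tags: access control, membership, backend menu, user role, restricted content, security, jwt
  Requires at least: 4.0
  Tested up to: 5.1
- Stable tag: 5.9.1
+ Stable tag: 5.9.1.1
 
  All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
 
@@ -79,6 +79,13 @@ https://www.youtube.com/watch?v=mj5Xa_Wc16Y
 
  == Changelog ==
 
+ = 5.9.1.1 =
+ * Fixed the bug with saving Metaboxes & Widgets settings
+ * Fixed the bug with saving Access Policy that has backward slashes in it
+ * Fixed the bug with fetching Param values from the Access Policies
+ * Fixed the bug with Access Policy resource "Role" when Effect is set to "deny"
+ * Adjusted AAM core to prevent PHP warning when edit_user or delete_user capability is checked without user ID provided (caused by other plugins)
+
  = 5.9.1 =
  * Fixed the bug with controlling which capability can be deleted with Access Policy
  * Fixed typo in the aam_edit_others_policies capability slug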