Version Description
- Fixed the bug with saving Metaboxes & Widgets settings
- Fixed the bug with saving Access Policy that has backward slashes in it
- Fixed the bug with fetching Param values from the Access Policies
- Fixed the bug with Access Policy resource "Role" when Effect is set to "deny"
- Adjusted AAM core to prevent PHP warning when edit_user or delete_user capability is checked without user ID provided (caused by other plugins)
Release Info
Developer | vasyltech |
Plugin | Advanced Access Manager |
Version | 5.9.1.1 |
Code changes from version 5.9.1 to 5.9.1.1
- Application/Backend/Feature/Main/Metabox.php +1 -3
- Application/Backend/Feature/Main/Policy.php +5 -5
- Application/Backend/Manager.php +1 -1
- Application/Core/Policy/Manager.php +4 -5
- Application/Core/Subject/User.php +27 -3
- Application/Extension/List.php +2 -2
- Application/Shared/Manager.php +3 -1
- aam.php +1 -1
- readme.txt +8 -1
Application/Backend/Feature/Main/Metabox.php
CHANGED
@@ -38,11 +38,9 @@ class AAM_Backend_Feature_Main_Metabox extends AAM_Backend_Feature_Abstract {
|
|
38 |
$object = AAM_Backend_Subject::getInstance()->getObject('metabox');
|
39 |
|
40 |
foreach($items as $item) {
|
41 |
-
$object->
|
42 |
}
|
43 |
|
44 |
-
$object->save();
|
45 |
-
|
46 |
return wp_json_encode(array('status' => 'success'));
|
47 |
}
|
48 |
|
38 |
$object = AAM_Backend_Subject::getInstance()->getObject('metabox');
|
39 |
|
40 |
foreach($items as $item) {
|
41 |
+
$object->save($item, $status);
|
42 |
}
|
43 |
|
|
|
|
|
44 |
return wp_json_encode(array('status' => 'success'));
|
45 |
}
|
46 |
|
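Review bot: The result of `$object->save($item, $status)` on new line 41 is discarded, and the handler then returns `array('status' => 'success')` unconditionally, so a failed save of a metabox or widget restriction would be reported to the admin UI as applied. If `save()` reports failure (its definition is not visible here), accumulate it, e.g. `$ok = $object->save($item, $status) && $ok;`, and return a failure status when `$ok` is false. `$items` and `$status` are assigned before the hunk starts, so how they are validated cannot be checked from here.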
Application/Backend/Feature/Main/Policy.php
CHANGED
@@ -39,11 +39,11 @@ class AAM_Backend_Feature_Main_Policy extends AAM_Backend_Feature_Abstract {
|
|
39 |
|
40 |
$result = wp_insert_post(array(
|
41 |
'post_author' => get_current_user_id(),
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
|
47 |
));
|
48 |
|
49 |
if (!is_wp_error($result)) {
|
39 |
|
40 |
$result = wp_insert_post(array(
|
41 |
'post_author' => get_current_user_id(),
|
42 |
+
'post_content' => $json,
|
43 |
+
'post_title' => $package->title,
|
44 |
+
'post_excerpt' => $package->description,
|
45 |
+
'post_status' => 'publish',
|
46 |
+
'post_type' => 'aam_policy'
|
47 |
));
|
48 |
|
49 |
if (!is_wp_error($result)) {
|
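Review bot: `wp_insert_post()` is called with only the array argument (the call closes with `));` on line 47), so on failure it returns `0` rather than a `WP_Error`, and the `if (!is_wp_error($result))` check on line 49 treats a failed insert as success. Pass the second argument, `), true);`, or also test `$result` for a falsy value. Separately, `wp_insert_post()` expects slashed input and unslashes it, so `'post_content' => $json` will likely lose backslashes from the policy JSON, which is the same problem this release fixes in Application/Backend/Manager.php; `'post_content' => wp_slash($json),` would keep the stored policy intact. `$json` and `$package` are built outside the hunk.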
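--- a/Application/Backend/Manager.php
+++ b/Application/Backend/Manager.php
@@ -230,7 +230,7 @@ class AAM_Backend_Manager {
 $content = trim(filter_input(INPUT_POST, 'aam-policy'));
 
 if (!empty($content)) { // Edit form was submitted
-$data['post_content'] = $content;
+$data['post_content'] = addslashes($content);
 }
 
 if (empty($data['post_content'])) {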
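Review bot: The added `addslashes($content)` on new line 233 carries no comment explaining why request data is re-slashed, so it reads like an escaping mistake to the next maintainer. `filter_input()` returns the value without the slashes WordPress adds to `$_POST`, and `$data` is presumably unslashed by WordPress after this code runs (the enclosing function is outside the hunk); a comment such as `// filter_input() returns unslashed input; WordPress unslashes $data later, so re-slash to keep backslashes in the policy` would record that. `wp_slash($content)` is the WordPress helper for this. Nothing visible in the hunk checks that `$content` is well-formed JSON before it becomes the stored policy; confirm that happens elsewhere.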
Application/Core/Policy/Manager.php
CHANGED
@@ -169,10 +169,9 @@ final class AAM_Core_Policy_Manager {
|
|
169 |
*
|
170 |
* @access public
|
171 |
*/
|
172 |
-
public function getParam($
|
173 |
$value = null;
|
174 |
-
|
175 |
-
|
176 |
if (isset($this->tree['Param'][$id])) {
|
177 |
$param = $this->tree['Param'][$id];
|
178 |
|
@@ -310,10 +309,10 @@ final class AAM_Core_Policy_Manager {
|
|
310 |
// Step #1. If there are any statements, let's index them by resource:action
|
311 |
// and insert into the list of statements
|
312 |
foreach($addition['Statement'] as $stm) {
|
313 |
-
$
|
314 |
$acts = (isset($stm['Action']) ? (array) $stm['Action'] : array(''));
|
315 |
|
316 |
-
foreach($
|
317 |
foreach($acts as $act) {
|
318 |
$id = strtolower($res . (!empty($act) ? ":{$act}" : ''));
|
319 |
|
169 |
*
|
170 |
* @access public
|
171 |
*/
|
172 |
+
public function getParam($id, $args = array()) {
|
173 |
$value = null;
|
174 |
+
|
|
|
175 |
if (isset($this->tree['Param'][$id])) {
|
176 |
$param = $this->tree['Param'][$id];
|
177 |
|
309 |
// Step #1. If there are any statements, let's index them by resource:action
|
310 |
// and insert into the list of statements
|
311 |
foreach($addition['Statement'] as $stm) {
|
312 |
+
$list = (isset($stm['Resource']) ? (array) $stm['Resource'] : array());
|
313 |
$acts = (isset($stm['Action']) ? (array) $stm['Action'] : array(''));
|
314 |
|
315 |
+
foreach($list as $res) {
|
316 |
foreach($acts as $act) {
|
317 |
$id = strtolower($res . (!empty($act) ? ":{$act}" : ''));
|
318 |
|
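Review bot: A statement without a `Resource` key now yields an empty `$list` on new line 312, so `foreach($list as $res)` never runs and the statement is dropped without any notice. For an access policy this means a `deny` statement whose `Resource` key is missing silently has no effect. Either record the skipped statement or state the intent in a comment above line 312, e.g. `// statements without Resource are ignored on purpose`. `strtolower($res . ...)` on line 317 also assumes every entry of `Resource` is a string; the loop body continues past the end of the hunk.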
Application/Core/Subject/User.php
CHANGED
@@ -118,15 +118,39 @@ class AAM_Core_Subject_User extends AAM_Core_Subject {
|
|
118 |
}
|
119 |
}
|
120 |
|
121 |
-
$subject->roles = $roles;
|
122 |
-
|
123 |
//reset the user capabilities
|
124 |
$subject->allcaps = array_merge($subject->allcaps, $roleCaps, $policyCaps, $this->aamCaps);
|
125 |
-
$subject->caps = array_merge($subject->caps,
|
126 |
|
127 |
//make sure that no capabilities are going outside of define boundary
|
128 |
$subject->allcaps = $this->applyCapabilityBoundaries($manager, $subject->allcaps);
|
129 |
$subject->caps = $this->applyCapabilityBoundaries($manager, $subject->caps);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
130 |
}
|
131 |
|
132 |
/**
|
118 |
}
|
119 |
}
|
120 |
|
|
|
|
|
121 |
//reset the user capabilities
|
122 |
$subject->allcaps = array_merge($subject->allcaps, $roleCaps, $policyCaps, $this->aamCaps);
|
123 |
+
$subject->caps = array_merge($subject->caps, $this->aamCaps);
|
124 |
|
125 |
//make sure that no capabilities are going outside of define boundary
|
126 |
$subject->allcaps = $this->applyCapabilityBoundaries($manager, $subject->allcaps);
|
127 |
$subject->caps = $this->applyCapabilityBoundaries($manager, $subject->caps);
|
128 |
+
|
129 |
+
// also delete all capabilities that are assigned to denied role ONLY
|
130 |
+
// $diff contains the list of roles that were denied for user
|
131 |
+
$diff = array_diff_key( $subject->roles, $roles);
|
132 |
+
|
133 |
+
// prepare the list of capabilities that potentially should be removed from
|
134 |
+
// user
|
135 |
+
$removeCaps = array();
|
136 |
+
foreach($diff as $role) {
|
137 |
+
$removeCaps = array_merge($removeCaps, $allRoles->get_role($role)->capabilities);
|
138 |
+
}
|
139 |
+
|
140 |
+
// prepare the list of capabilities that should still be assigned to user
|
141 |
+
$keepCaps = array();
|
142 |
+
foreach($roles as $role) {
|
143 |
+
$keepCaps = array_merge($keepCaps, $allRoles->get_role($role)->capabilities);
|
144 |
+
}
|
145 |
+
|
146 |
+
foreach(array_keys($removeCaps) as $key) {
|
147 |
+
if (!array_key_exists($key, $keepCaps)) {
|
148 |
+
unset($subject->allcaps[$key]);
|
149 |
+
if (isset($subject->caps[$key])) { unset($subject->caps[$key]); }
|
150 |
+
}
|
151 |
+
}
|
152 |
+
|
153 |
+
$subject->roles = $roles;
|
154 |
}
|
155 |
|
156 |
/**
|
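Review bot: `$allRoles->get_role($role)->capabilities` on new lines 137 and 143 dereferences the result of `get_role()` without a null check; if `$allRoles` is a `WP_Roles` instance, `get_role()` returns null for a role that is no longer registered, which raises a PHP error and can leave `$removeCaps` or `$keepCaps` unusable, so capabilities of a denied role may not be stripped. Guard both loops, e.g. `$r = $allRoles->get_role($role); if ($r) { $removeCaps = array_merge($removeCaps, $r->capabilities); }`. Also, `array_diff_key($subject->roles, $roles)` on line 131 compares array keys, not role slugs, so it is only correct if `$roles` keeps the keys of `$subject->roles`; that depends on how `$roles` is built above the hunk. The function starts before the hunk.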
Application/Extension/List.php
CHANGED
@@ -22,7 +22,7 @@ class AAM_Extension_List {
|
|
22 |
'description' => 'Get the complete list of all premium AAM extensions in one package and all future premium extensions already included for now additional cost.',
|
23 |
'url' => 'https://aamplugin.com/complete-package',
|
24 |
'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null),
|
25 |
-
'latest' => '3.8.
|
26 |
),
|
27 |
'AAM_PLUS_PACKAGE' => array(
|
28 |
'title' => 'Plus Package',
|
@@ -31,7 +31,7 @@ class AAM_Extension_List {
|
|
31 |
'description' => 'Manage access to your WordPress website posts, pages, media, custom post types, categories and hierarchical taxonomies for any role, individual user, visitors or even define default access for everybody; and do this separately for frontend, backend or API levels. As the bonus, define more granular access to how comments can be managed on the backend by other users.',
|
32 |
'url' => 'https://aamplugin.com/extension/plus-package',
|
33 |
'version' => (defined('AAM_PLUS_PACKAGE') ? constant('AAM_PLUS_PACKAGE') : null),
|
34 |
-
'latest' => '3.9.
|
35 |
),
|
36 |
'AAM_IP_CHECK' => array(
|
37 |
'title' => 'IP Check',
|
22 |
'description' => 'Get the complete list of all premium AAM extensions in one package and all future premium extensions already included for now additional cost.',
|
23 |
'url' => 'https://aamplugin.com/complete-package',
|
24 |
'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null),
|
25 |
+
'latest' => '3.8.17'
|
26 |
),
|
27 |
'AAM_PLUS_PACKAGE' => array(
|
28 |
'title' => 'Plus Package',
|
31 |
'description' => 'Manage access to your WordPress website posts, pages, media, custom post types, categories and hierarchical taxonomies for any role, individual user, visitors or even define default access for everybody; and do this separately for frontend, backend or API levels. As the bonus, define more granular access to how comments can be managed on the backend by other users.',
|
32 |
'url' => 'https://aamplugin.com/extension/plus-package',
|
33 |
'version' => (defined('AAM_PLUS_PACKAGE') ? constant('AAM_PLUS_PACKAGE') : null),
|
34 |
+
'latest' => '3.9.5'
|
35 |
),
|
36 |
'AAM_IP_CHECK' => array(
|
37 |
'title' => 'IP Check',
|
Application/Shared/Manager.php
CHANGED
@@ -448,7 +448,9 @@ class AAM_Shared_Manager {
|
|
448 |
switch($cap) {
|
449 |
case 'edit_user':
|
450 |
case 'delete_user':
|
451 |
-
|
|
|
|
|
452 |
break;
|
453 |
|
454 |
case 'install_plugins':
|
448 |
switch($cap) {
|
449 |
case 'edit_user':
|
450 |
case 'delete_user':
|
451 |
+
if (isset($args[0])) {
|
452 |
+
$caps = $this->authorizeUserUpdate($caps, $args[0]);
|
453 |
+
}
|
454 |
break;
|
455 |
|
456 |
case 'install_plugins':
|
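Review bot: When `$args[0]` is absent, the new `isset($args[0])` guard on line 451 skips `authorizeUserUpdate()` entirely and `$caps` passes through unchanged, so AAM's per-user restriction is not applied to that capability check; this fall-through needs a comment so it is a recorded decision. Something like `// no target user ID supplied: nothing to authorize against, keep $caps as mapped by WordPress` above the `if` would do. `isset()` also accepts `0` or an empty string, so if `authorizeUserUpdate()` expects a valid user ID, that should be validated there. The `switch` begins and continues outside the hunk.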
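--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
 /**
 Plugin Name: Advanced Access Manager
 Description: All you need to manage access to your WordPress website
-Version: 5.9.1
+Version: 5.9.1.1
 Author: Vasyl Martyniuk <vasyl@vasyltech.com>
 Author URI: https://vasyltech.com
 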
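--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: vasyltech
 Tags: access control, membership, backend menu, user role, restricted content, security, jwt
 Requires at least: 4.0
 Tested up to: 5.1
-Stable tag: 5.9.1
+Stable tag: 5.9.1.1
 
 All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
 
@@ -79,6 +79,13 @@ https://www.youtube.com/watch?v=mj5Xa_Wc16Y
 
 == Changelog ==
 
+= 5.9.1.1 =
+* Fixed the bug with saving Metaboxes & Widgets settings
+* Fixed the bug with saving Access Policy that has backward slashes in it
+* Fixed the bug with fetching Param values from the Access Policies
+* Fixed the bug with Access Policy resource "Role" when Effect is set to "deny"
+* Adjusted AAM core to prevent PHP warning when edit_user or delete_user capability is checked without user ID provided (caused by other plugins)
+
 = 5.9.1 =
 * Fixed the bug with controlling which capability can be deleted with Access Policy
 * Fixed typo in the aam_edit_others_policies capability slug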