Capability Manager Enhanced - Version 1.7.4

Version Description

  • 1 May 2019 =
    • Fixed : On some sites, capabilities added dynamically by other code were forced into stored role definition (and could not be removed).
    • Fixed : Negative role capabilities could not be directly unset (had to be checked, saved, then unchecked).
Download this release

Release Info

Developer kevinB
Plugin Icon 128x128 Capability Manager Enhanced
Version 1.7.4
Comparing to
See all releases

Code changes from version 1.7.3 to 1.7.4

capsman-enhanced.php CHANGED
@@ -3,7 +3,7 @@
3
* Plugin Name: Capability Manager Enhanced
4
* Plugin URI: https://publishpress.com
5
* Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
6
- * Version: 1.7.3
7
* Author: PublishPress
8
* Author URI: https://publishpress.com
9
* Text Domain: capsman-enhanced
@@ -23,12 +23,12 @@
23
* @copyright Copyright (C) 2009, 2010 Jordi Canals; modifications Copyright (C) 2019 PublishPress
24
* @license GNU General Public License version 3
25
* @link https://publishpress.com
26
- * @version 1.7.3
27
*/
28
29
if ( ! defined( 'CAPSMAN_VERSION' ) ) {
30
- define( 'CAPSMAN_VERSION', '1.7.3' );
31
- define( 'CAPSMAN_ENH_VERSION', '1.7.3' );
32
}
33
34
if ( cme_is_plugin_active( 'capsman.php' ) ) {
3
* Plugin Name: Capability Manager Enhanced
4
* Plugin URI: https://publishpress.com
5
* Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
6
+ * Version: 1.7.4
7
* Author: PublishPress
8
* Author URI: https://publishpress.com
9
* Text Domain: capsman-enhanced
23
* @copyright Copyright (C) 2009, 2010 Jordi Canals; modifications Copyright (C) 2019 PublishPress
24
* @license GNU General Public License version 3
25
* @link https://publishpress.com
26
+ * @version 1.7.4
27
*/
28
29
if ( ! defined( 'CAPSMAN_VERSION' ) ) {
30
+ define( 'CAPSMAN_VERSION', '1.7.4' );
31
+ define( 'CAPSMAN_ENH_VERSION', '1.7.4' );
32
}
33
34
if ( cme_is_plugin_active( 'capsman.php' ) ) {
includes/handler.php CHANGED
@@ -182,6 +182,7 @@ class CapsmanHandler
182
$role->name = $role_name;
183
184
$stored_role_caps = ( ! empty($role->capabilities) && is_array($role->capabilities) ) ? array_intersect( $role->capabilities, array(true, 1) ) : array();
185
186
$old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);
187
$new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
@@ -189,7 +190,7 @@ class CapsmanHandler
189
190
// Find caps to add and remove
191
$add_caps = array_diff_key($new_caps, $old_caps);
192
- $del_caps = array_diff_key($old_caps, $new_caps);
193
194
$changed_caps = array();
195
foreach( array_intersect_key( $new_caps, $old_caps ) as $cap_name => $cap_val ) {
@@ -226,6 +227,8 @@ class CapsmanHandler
226
$role->remove_cap($cap);
227
}
228
229
if ( is_multisite() && is_super_admin() && ( 1 == get_current_blog_id() ) ) {
230
if ( ! $autocreate_roles = get_site_option( 'cme_autocreate_roles' ) )
231
$autocreate_roles = array();
182
$role->name = $role_name;
183
184
$stored_role_caps = ( ! empty($role->capabilities) && is_array($role->capabilities) ) ? array_intersect( $role->capabilities, array(true, 1) ) : array();
185
+ $stored_negative_role_caps = ( ! empty($role->capabilities) && is_array($role->capabilities) ) ? array_intersect( $role->capabilities, array(false) ) : array();
186
187
$old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);
188
$new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
190
191
// Find caps to add and remove
192
$add_caps = array_diff_key($new_caps, $old_caps);
193
+ $del_caps = array_diff_key(array_merge($old_caps, $stored_negative_role_caps), $new_caps);
194
195
$changed_caps = array();
196
foreach( array_intersect_key( $new_caps, $old_caps ) as $cap_name => $cap_val ) {
227
$role->remove_cap($cap);
228
}
229
230
+ $this->cm->log_db_roles();
231
+
232
if ( is_multisite() && is_super_admin() && ( 1 == get_current_blog_id() ) ) {
233
if ( ! $autocreate_roles = get_site_option( 'cme_autocreate_roles' ) )
234
$autocreate_roles = array();
includes/manager.php CHANGED
@@ -183,29 +183,34 @@ class CapabilityManager
183
// Users with roles that cannot be managed, are not allowed to be edited.
184
add_filter('map_meta_cap', array(&$this, 'filterUserEdit'), 10, 4);
185
186
- // ensure storage, retrieval of db-stored customizations to bbPress dynamic roles
187
- global $wpdb;
188
- $role_key = $wpdb->prefix . 'user_roles';
189
- add_filter( 'option_' . $role_key, array( &$this, 'log_db_roles' ), 0 );
190
- add_filter( 'option_' . $role_key, array( &$this, 'reinstate_db_roles' ), 50 );
191
192
add_filter( 'plugins_loaded', array( &$this, 'processRoleUpdate' ) );
193
}
194
-
195
- function log_db_roles( $passthru_roles ) {
196
- global $wp_roles;
197
198
- if ( isset($wp_roles) )
199
- $this->log_db_role_objects = $wp_roles->role_objects;
200
201
- return $passthru_roles;
202
}
203
-
204
// note: this is only applied when accessing the cme role edit form
205
function reinstate_db_roles( $passthru_roles = array() ) {
206
global $wp_roles;
207
208
- if ( $this->log_db_role_objects ) {
209
$intersect = array_intersect_key( $wp_roles->role_objects, $this->log_db_role_objects );
210
foreach( array_keys( $intersect ) as $key ) {
211
if ( ! empty( $this->log_db_role_objects[$key]->capabilities ) )
@@ -351,18 +356,16 @@ class CapabilityManager
351
}
352
353
function processRoleUpdate() {
354
- $this->current = get_option('default_role'); // By default we manage the default role.
355
-
356
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && ( ! empty($_REQUEST['SaveRole']) || ! empty($_REQUEST['AddCap']) ) ) {
357
if ( ! current_user_can('manage_capabilities') && ! current_user_can('administrator') ) {
358
// TODO: Implement exceptions.
359
wp_die('<strong>' .__('What do you think you\'re doing?!?', 'capsman-enhanced') . '</strong>');
360
}
361
362
- //$this->current = get_option('default_role'); // By default we manage the default role.
363
-
364
- check_admin_referer('capsman-general-manager');
365
- $this->processAdminGeneral();
366
}
367
}
368
@@ -397,11 +400,15 @@ class CapabilityManager
397
$capsman_modify = new CapsmanHandler( $this );
398
$capsman_modify->adminDeleteRole();
399
}
400
-
401
if ( ! in_array($this->current, $roles) ) { // Current role has been deleted.
402
$this->current = array_shift($roles);
403
}
404
-
405
include ( dirname(CME_FILE) . '/includes/admin.php' );
406
}
407
183
// Users with roles that cannot be managed, are not allowed to be edited.
184
add_filter('map_meta_cap', array(&$this, 'filterUserEdit'), 10, 4);
185
186
+ // ensure storage, retrieval of db-stored customizations to dynamic roles
187
+ if ( isset($_REQUEST['page']) && in_array( $_REQUEST['page'], array( 'capsman', 'capsman-tool' ) ) ) {
188
+ global $wpdb;
189
+ $role_key = $wpdb->prefix . 'user_roles';
190
+ $this->log_db_roles();
191
+ add_filter( 'option_' . $role_key, array( &$this, 'reinstate_db_roles' ), PHP_INT_MAX );
192
+ }
193
194
add_filter( 'plugins_loaded', array( &$this, 'processRoleUpdate' ) );
195
}
196
197
+ // Direct query of stored role definitions
198
+ function log_db_roles( $legacy_arg = '' ) {
199
+ global $wpdb;
200
201
+ $results = (array) maybe_unserialize( $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '{$wpdb->prefix}user_roles' LIMIT 1") );
202
+ foreach( $results as $_role_name => $_role ) {
203
+ $this->log_db_role_objects[$_role_name] = (object) $_role;
204
+ }
205
+
206
+ return $legacy_arg;
207
}
208
+
209
// note: this is only applied when accessing the cme role edit form
210
function reinstate_db_roles( $passthru_roles = array() ) {
211
global $wp_roles;
212
213
+ if ( isset($wp_roles) && $this->log_db_role_objects ) {
214
$intersect = array_intersect_key( $wp_roles->role_objects, $this->log_db_role_objects );
215
foreach( array_keys( $intersect ) as $key ) {
216
if ( ! empty( $this->log_db_role_objects[$key]->capabilities ) )
356
}
357
358
function processRoleUpdate() {
359
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && ( ! empty($_REQUEST['SaveRole']) || ! empty($_REQUEST['AddCap']) ) ) {
360
if ( ! current_user_can('manage_capabilities') && ! current_user_can('administrator') ) {
361
// TODO: Implement exceptions.
362
wp_die('<strong>' .__('What do you think you\'re doing?!?', 'capsman-enhanced') . '</strong>');
363
}
364
365
+ if ( ! empty($_REQUEST['current']) ) { // don't process role update unless form variable is received
366
+ check_admin_referer('capsman-general-manager');
367
+ $this->processAdminGeneral();
368
+ }
369
}
370
}
371
400
$capsman_modify = new CapsmanHandler( $this );
401
$capsman_modify->adminDeleteRole();
402
}
403
+
404
+ if ( ! isset($this->current) ) { // By default, we manage the default role
405
+ $this->current = get_option('default_role');
406
+ }
407
+
408
if ( ! in_array($this->current, $roles) ) { // Current role has been deleted.
409
$this->current = array_shift($roles);
410
}
411
+
412
include ( dirname(CME_FILE) . '/includes/admin.php' );
413
}
414
readme.txt CHANGED
@@ -1,9 +1,9 @@
1
=== Capability Manager Enhanced===
2
Contributors: publishpress, kevinB, stevejburge, andergmartins
3
- Tags: roles, capabilities, manager, editor, rights, role, capability, types, taxonomies, network, multisite, default
4
Requires at least: 4.1
5
- Tested up to: 5.1
6
- Stable tag: 1.7.3
7
License: GPLv3
8
License URI: https://www.gnu.org/licenses/gpl-3.0.html
9
@@ -70,6 +70,10 @@ Keep in mind that this plugin's main purpose is to expose switches (defined capa
70
71
== Changelog ==
72
73
= 1.7.3 - 9 Apr 2019 =
74
* Fixed : Work around WP quirk of completely blocking admin page access for a post type if user lacks create capability for the post type and there are no other accessible items on the menu.
75
* Fixed : PHP Notices on Roles and Capabilities screen for non-Administrator with WooCommerce active
1
=== Capability Manager Enhanced===
2
Contributors: publishpress, kevinB, stevejburge, andergmartins
3
+ Tags: role, capabilities, post types, taxonomies, editor, network, multisite
4
Requires at least: 4.1
5
+ Tested up to: 5.2
6
+ Stable tag: 1.7.4
7
License: GPLv3
8
License URI: https://www.gnu.org/licenses/gpl-3.0.html
9
70
71
== Changelog ==
72
73
+ = 1.7.4 - 1 May 2019 =
74
+ * Fixed : On some sites, capabilities added dynamically by other code were forced into stored role definition (and could not be removed).
75
+ * Fixed : Negative role capabilities could not be directly unset (had to be checked, saved, then unchecked).
76
+
77
= 1.7.3 - 9 Apr 2019 =
78
* Fixed : Work around WP quirk of completely blocking admin page access for a post type if user lacks create capability for the post type and there are no other accessible items on the menu.
79
* Fixed : PHP Notices on Roles and Capabilities screen for non-Administrator with WooCommerce active