Groups - Version 2.1.2

Version Description

  • Fixed a warning that came up when the post type in a query is provided as an array indicating multiple post types.
  • Users who can administer Groups (with the groups_admin_groups capability) now also see posts restricted to groups they do not belong to, in line with the ability to restrict access with groups they do not belong to for consistency's sake.
  • Added a filter on woocommerce_product_is_visible so protected up-sell and cross-sell products are effectively hidden.
Download this release

Release Info

Developer itthinx
Plugin Icon 128x128 Groups
Version 2.1.2
Comparing to
See all releases

Code changes from version 2.1.1 to 2.1.2

Files changed (7) hide show
  1. changelog.txt +8 -0
  2. groups.php +5 -2
  3. lib/access/class-groups-post-access.php +17 -5
  4. lib/admin/class-groups-admin-posts.php +41 -23
  5. lib/core/wp-init.php +5 -0
  6. lib/extra/class-groups-extra.php +57 -0
  7. readme.txt +13 -6
changelog.txt CHANGED
@@ -1,5 +1,13 @@
1
  == Groups by itthinx - changelog.txt ==
2
 
 
 
 
 
 
 
 
 
3
  = 2.1.1 =
4
  * Changed the default value for legacy mode used on installation to false. Fixes database errors
5
  due to missing capability table at that stage.
1
  == Groups by itthinx - changelog.txt ==
2
 
3
+ = 2.1.2 =
4
+ * Fixed a warning that came up when the post type in a query is provided as an array indicating multiple post types.
5
+ * Users who can administer Groups (with the groups_admin_groups capability) now also see posts restricted to groups
6
+ they do not belong to, in line with the ability to restrict access with groups they do not belong to for consistency's
7
+ sake.
8
+ * Added a filter on woocommerce_product_is_visible so protected up-sell and cross-sell products
9
+ are effectively hidden.
10
+
11
  = 2.1.1 =
12
  * Changed the default value for legacy mode used on installation to false. Fixes database errors
13
  due to missing capability table at that stage.
groups.php CHANGED
@@ -21,7 +21,7 @@
21
  * Plugin Name: Groups
22
  * Plugin URI: http://www.itthinx.com/plugins/groups
23
  * Description: Groups provides group-based user membership management, group-based capabilities and content access control.
24
- * Version: 2.1.1
25
  * Author: itthinx
26
  * Author URI: http://www.itthinx.com
27
  * Donate-Link: http://www.itthinx.com
@@ -32,7 +32,7 @@
32
  if ( !defined( 'ABSPATH' ) ) {
33
  exit;
34
  }
35
- define( 'GROUPS_CORE_VERSION', '2.1.1' );
36
  define( 'GROUPS_FILE', __FILE__ );
37
  if ( !defined( 'GROUPS_CORE_DIR' ) ) {
38
  define( 'GROUPS_CORE_DIR', untrailingslashit( plugin_dir_path( __FILE__ ) ) );
@@ -55,6 +55,9 @@ if ( !defined( 'GROUPS_VIEWS_LIB' ) ) {
55
  if ( !defined( 'GROUPS_WP_LIB' ) ) {
56
  define( 'GROUPS_WP_LIB', GROUPS_CORE_DIR . '/lib/wp' );
57
  }
 
 
 
58
  if ( !defined( 'GROUPS_LEGACY_LIB' ) ) {
59
  define( 'GROUPS_LEGACY_LIB', GROUPS_CORE_DIR . '/legacy' );
60
  }
21
  * Plugin Name: Groups
22
  * Plugin URI: http://www.itthinx.com/plugins/groups
23
  * Description: Groups provides group-based user membership management, group-based capabilities and content access control.
24
+ * Version: 2.1.2
25
  * Author: itthinx
26
  * Author URI: http://www.itthinx.com
27
  * Donate-Link: http://www.itthinx.com
32
  if ( !defined( 'ABSPATH' ) ) {
33
  exit;
34
  }
35
+ define( 'GROUPS_CORE_VERSION', '2.1.2' );
36
  define( 'GROUPS_FILE', __FILE__ );
37
  if ( !defined( 'GROUPS_CORE_DIR' ) ) {
38
  define( 'GROUPS_CORE_DIR', untrailingslashit( plugin_dir_path( __FILE__ ) ) );
55
  if ( !defined( 'GROUPS_WP_LIB' ) ) {
56
  define( 'GROUPS_WP_LIB', GROUPS_CORE_DIR . '/lib/wp' );
57
  }
58
+ if ( !defined( 'GROUPS_EXTRA_LIB' ) ) {
59
+ define( 'GROUPS_EXTRA_LIB', GROUPS_CORE_DIR . '/lib/extra' );
60
+ }
61
  if ( !defined( 'GROUPS_LEGACY_LIB' ) ) {
62
  define( 'GROUPS_LEGACY_LIB', GROUPS_CORE_DIR . '/legacy' );
63
  }
lib/access/class-groups-post-access.php CHANGED
@@ -89,6 +89,8 @@ class Groups_Post_Access {
89
  if ( apply_filters( 'groups_filter_the_posts', false ) ) {
90
  add_filter( 'the_posts', array( __CLASS__, 'the_posts' ), 1, 2 );
91
  }
 
 
92
  add_filter( 'wp_get_nav_menu_items', array( __CLASS__, 'wp_get_nav_menu_items' ), 1, 3 );
93
  // content access
94
  add_filter( 'get_the_excerpt', array( __CLASS__, 'get_the_excerpt' ), 1 );
@@ -174,6 +176,11 @@ class Groups_Post_Access {
174
  return $where;
175
  }
176
 
 
 
 
 
 
177
  // 1. Get all the groups that the user belongs to, including those that are inherited:
178
  $group_ids = array();
179
  if ( $user = new Groups_User( $user_id ) ) {
@@ -509,13 +516,18 @@ class Groups_Post_Access {
509
  $result = $cached->value;
510
  unset( $cached );
511
  } else {
512
- $groups_user = new Groups_User( $user_id );
513
- $group_ids = self::get_read_group_ids( $post_id );
514
- if ( empty( $group_ids ) ) {
515
  $result = true;
516
  } else {
517
- $ids = array_intersect( $groups_user->group_ids_deep, $group_ids );
518
- $result = !empty( $ids );
 
 
 
 
 
 
519
  }
520
  $result = apply_filters( 'groups_post_access_user_can_read_post', $result, $post_id, $user_id );
521
  Groups_Cache::set( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP );
89
  if ( apply_filters( 'groups_filter_the_posts', false ) ) {
90
  add_filter( 'the_posts', array( __CLASS__, 'the_posts' ), 1, 2 );
91
  }
92
+ // If we had a get_post filter https://core.trac.wordpress.org/ticket/12955
93
+ // add_filter( 'get_post', ... );
94
  add_filter( 'wp_get_nav_menu_items', array( __CLASS__, 'wp_get_nav_menu_items' ), 1, 3 );
95
  // content access
96
  add_filter( 'get_the_excerpt', array( __CLASS__, 'get_the_excerpt' ), 1 );
176
  return $where;
177
  }
178
 
179
+ // Groups admins see everything
180
+ if ( current_user_can( GROUPS_ADMINISTER_GROUPS ) ) {
181
+ return $where;
182
+ }
183
+
184
  // 1. Get all the groups that the user belongs to, including those that are inherited:
185
  $group_ids = array();
186
  if ( $user = new Groups_User( $user_id ) ) {
516
  $result = $cached->value;
517
  unset( $cached );
518
  } else {
519
+ // admin override and Groups admins see everything
520
+ if ( _groups_admin_override() || current_user_can( GROUPS_ADMINISTER_GROUPS ) ) {
 
521
  $result = true;
522
  } else {
523
+ $groups_user = new Groups_User( $user_id );
524
+ $group_ids = self::get_read_group_ids( $post_id );
525
+ if ( empty( $group_ids ) ) {
526
+ $result = true;
527
+ } else {
528
+ $ids = array_intersect( $groups_user->group_ids_deep, $group_ids );
529
+ $result = !empty( $ids );
530
+ }
531
  }
532
  $result = apply_filters( 'groups_post_access_user_can_read_post', $result, $post_id, $user_id );
533
  Groups_Cache::set( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP );
lib/admin/class-groups-admin-posts.php CHANGED
@@ -211,7 +211,7 @@ class Groups_Admin_Posts {
211
  $output .= '</label>';
212
 
213
  $user = new Groups_User( get_current_user_id() );
214
- $include = $user->group_ids_deep;
215
  $groups = Groups_Group::get_groups( array( 'order_by' => 'name', 'order' => 'ASC', 'include' => $include ) );
216
 
217
  $output .= '<div class="groups-groups-container">';
@@ -526,20 +526,29 @@ class Groups_Admin_Posts {
526
  $result = false;
527
  if ( is_admin() ) {
528
  // check if query is for a post type we handle
529
- $post_type = $query->get( 'post_type' );
530
- $post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
531
- if ( !isset( $post_types_option[$post_type]['add_meta_box'] ) || $post_types_option[$post_type]['add_meta_box'] ) {
532
- // only act on post etc. screens
533
- $screen = get_current_screen();
 
534
  if (
535
- !empty( $screen ) &&
536
- !empty( $screen->id ) &&
537
- ( $screen->id == 'edit-' . $post_type )
538
- ) {
539
- if ( $query->get( 'orderby' ) == self::GROUPS_READ ) {
540
- $result = true;
 
 
 
 
 
 
 
 
541
  }
542
- }
543
  }
544
  }
545
  return $result;
@@ -555,21 +564,30 @@ class Groups_Admin_Posts {
555
  $result = false;
556
  if ( is_admin() ) {
557
  // check if query is for a post type we handle
558
- $post_type = $query->get( 'post_type' );
559
  $post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
560
- if ( !isset( $post_types_option[$post_type]['add_meta_box'] ) || $post_types_option[$post_type]['add_meta_box'] ) {
561
- // only act on post etc. screens
562
- $screen = get_current_screen();
 
563
  if (
564
- !empty( $screen ) &&
565
- !empty( $screen->id ) &&
566
- ( $screen->id == 'edit-' . $post_type )
567
  ) {
 
 
568
  if (
569
- !empty( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] ) &&
570
- is_array( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] )
 
571
  ) {
572
- $result = true;
 
 
 
 
 
 
573
  }
574
  }
575
  }
211
  $output .= '</label>';
212
 
213
  $user = new Groups_User( get_current_user_id() );
214
+ $include = Groups_Access_Meta_Boxes::get_user_can_restrict_group_ids( get_current_user_id() );
215
  $groups = Groups_Group::get_groups( array( 'order_by' => 'name', 'order' => 'ASC', 'include' => $include ) );
216
 
217
  $output .= '<div class="groups-groups-container">';
526
  $result = false;
527
  if ( is_admin() ) {
528
  // check if query is for a post type we handle
529
+ $post_types = $query->get( 'post_type' );
530
+ if ( !is_array( $post_types ) ) {
531
+ $post_types = array( $post_types );
532
+ }
533
+ foreach( $post_types as $post_type ) {
534
+ $post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
535
  if (
536
+ !isset( $post_types_option[$post_type]['add_meta_box'] ) ||
537
+ $post_types_option[$post_type]['add_meta_box']
538
+ ) {
539
+ // only act on post etc. screens
540
+ $screen = get_current_screen();
541
+ if (
542
+ !empty( $screen ) &&
543
+ !empty( $screen->id ) &&
544
+ ( $screen->id == 'edit-' . $post_type )
545
+ ) {
546
+ if ( $query->get( 'orderby' ) == self::GROUPS_READ ) {
547
+ $result = true;
548
+ break;
549
+ }
550
  }
551
+ }
552
  }
553
  }
554
  return $result;
564
  $result = false;
565
  if ( is_admin() ) {
566
  // check if query is for a post type we handle
567
+ $post_types = $query->get( 'post_type' );
568
  $post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
569
+ if ( !is_array( $post_types ) ) {
570
+ $post_types = array( $post_types );
571
+ }
572
+ foreach( $post_types as $post_type ) {
573
  if (
574
+ !isset( $post_types_option[$post_type]['add_meta_box'] ) ||
575
+ $post_types_option[$post_type]['add_meta_box']
 
576
  ) {
577
+ // only act on post etc. screens
578
+ $screen = get_current_screen();
579
  if (
580
+ !empty( $screen ) &&
581
+ !empty( $screen->id ) &&
582
+ ( $screen->id == 'edit-' . $post_type )
583
  ) {
584
+ if (
585
+ !empty( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] ) &&
586
+ is_array( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] )
587
+ ) {
588
+ $result = true;
589
+ break;
590
+ }
591
  }
592
  }
593
  }
lib/core/wp-init.php CHANGED
@@ -116,6 +116,11 @@ require_once( GROUPS_VIEWS_LIB . '/class-groups-shortcodes.php' );
116
  */
117
  require_once( GROUPS_WP_LIB . '/class-groups-wordpress.php' );
118
 
 
 
 
 
 
119
  // widgets
120
  // include_once( GROUPS_CORE_LIB . '/class-groups-widgets.php' );
121
  // add_action( 'widgets_init', 'groups_widgets_init' );
116
  */
117
  require_once( GROUPS_WP_LIB . '/class-groups-wordpress.php' );
118
 
119
+ /**
120
+ * Extras ...
121
+ */
122
+ require_once GROUPS_EXTRA_LIB . '/class-groups-extra.php';
123
+
124
  // widgets
125
  // include_once( GROUPS_CORE_LIB . '/class-groups-widgets.php' );
126
  // add_action( 'widgets_init', 'groups_widgets_init' );
lib/extra/class-groups-extra.php ADDED
@@ -0,0 +1,57 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * class-groups-extra.php
4
+ *
5
+ * Copyright (c) "kento" Karim Rahimpur www.itthinx.com
6
+ *
7
+ * This code is released under the GNU General Public License.
8
+ * See COPYRIGHT.txt and LICENSE.txt.
9
+ *
10
+ * This code is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * This header and all notices must be kept intact.
16
+ *
17
+ * @author Karim Rahimpur
18
+ * @package groups
19
+ * @since groups 2.1.2
20
+ */
21
+
22
+ if ( !defined( 'ABSPATH' ) ) {
23
+ exit;
24
+ }
25
+
26
+ /**
27
+ * Compatibility actions, filters, etc as needed.
28
+ */
29
+ class Groups_Extra {
30
+
31
+ /**
32
+ * Registers actions, filters ...
33
+ */
34
+ public static function init() {
35
+ add_filter( 'woocommerce_product_is_visible', array( __CLASS__, 'woocommerce_product_is_visible' ), 10, 2 );
36
+ }
37
+
38
+ /**
39
+ * Up-sell and cross-sell products are obtained directly by their ids and
40
+ * no normal filters are executed that would hide them. This filter is used
41
+ * instead to determine the visibility.
42
+ *
43
+ * If at some point we had a get_post filter in WordPress, it could filter these
44
+ * and we wouldn't need this.
45
+ *
46
+ * @param boolean $visible
47
+ * @param int $product_id
48
+ * @return boolean
49
+ */
50
+ public static function woocommerce_product_is_visible( $visible, $product_id ) {
51
+ if ( $visible ) {
52
+ $visible = Groups_Post_Access::user_can_read_post( $product_id );
53
+ }
54
+ return $visible;
55
+ }
56
+ }
57
+ add_action( 'init', array( 'Groups_Extra', 'init' ) );
readme.txt CHANGED
@@ -1,10 +1,10 @@
1
  === Groups ===
2
  Contributors: itthinx, proaktion
3
  Donate link: http://www.itthinx.com/plugins/groups
4
- Tags: access, access control, capability, capabilities, content, download, downloads, file, file access, files, group, groups, member, members, membership, memberships, paypal, permission, permissions, subscription, subscriptions, woocommerce
5
  Requires at least: 4.0
6
- Tested up to: 4.7.3
7
- Stable tag: 2.1.1
8
  License: GPLv3
9
 
10
  Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.
@@ -187,9 +187,16 @@ See also the [Groups Documentation](http://docs.itthinx.com/document/groups/) pa
187
  13. Options - you can adjust the plugin's settings here.
188
  14. More options.
189
 
190
-
191
  == Changelog ==
192
 
 
 
 
 
 
 
 
 
193
  = 2.1.1 =
194
  * Changed the default value for legacy mode used on installation to false. Fixes database errors
195
  due to missing capability table at that stage.
@@ -232,6 +239,6 @@ See also the [Groups Documentation](http://docs.itthinx.com/document/groups/) pa
232
 
233
  == Upgrade Notice ==
234
 
235
- = 2.1.1 =
236
  Groups 2.x simplifies the way access restrictions are handled.
237
- This release contains several fixes for errors and warnings, improves the plugin's security and improves the translation load process.
1
  === Groups ===
2
  Contributors: itthinx, proaktion
3
  Donate link: http://www.itthinx.com/plugins/groups
4
+ Tags: groups, access, access control, membership, memberships, member, members, capability, capabilities, content, download, downloads, file, file access, files, paypal, permission, permissions, subscription, subscriptions, woocommerce
5
  Requires at least: 4.0
6
+ Tested up to: 4.7.4
7
+ Stable tag: 2.1.2
8
  License: GPLv3
9
 
10
  Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.
187
  13. Options - you can adjust the plugin's settings here.
188
  14. More options.
189
 
 
190
  == Changelog ==
191
 
192
+ = 2.1.2 =
193
+ * Fixed a warning that came up when the post type in a query is provided as an array indicating multiple post types.
194
+ * Users who can administer Groups (with the groups_admin_groups capability) now also see posts restricted to groups
195
+ they do not belong to, in line with the ability to restrict access with groups they do not belong to for consistency's
196
+ sake.
197
+ * Added a filter on woocommerce_product_is_visible so protected up-sell and cross-sell products
198
+ are effectively hidden.
199
+
200
  = 2.1.1 =
201
  * Changed the default value for legacy mode used on installation to false. Fixes database errors
202
  due to missing capability table at that stage.
239
 
240
  == Upgrade Notice ==
241
 
242
+ = 2.1.2 =
243
  Groups 2.x simplifies the way access restrictions are handled.
244
+ This release contains improvements and fixes related to the visibility of posts by Groups administrators, internal procedures and compatibility with other plugins.