User Role Editor - Version 4.59

Version Description

Download this release

Release Info

Developer shinephp
Plugin Icon 128x128 User Role Editor
Version 4.59
Comparing to
See all releases

Code changes from version 4.58.3 to 4.59

Files changed (7) hide show
  1. changelog.txt +5 -0
  2. includes/classes/editor.php +186 -60
  3. includes/classes/role-view.php +1 -1
  4. includes/classes/user-role-editor.php +1 -1
  5. includes/define-constants.php +0 -1
  6. readme.txt +7 -13
  7. user-role-editor.php +2 -2
changelog.txt CHANGED
@@ -1,6 +1,11 @@
1
  CHANGES LOG (full version).
2
  ===========================
3
 
 
 
 
 
 
4
  = [4.58.3] 26.02.2021 =
5
  * Update: URE automatically adds custom taxonomies user capabilities to administrator role before opening "Users->User Role Editor" page.
6
  * Fix: Role changes were not saved with option "Confirm role update" switched off.
1
  CHANGES LOG (full version).
2
  ===========================
3
 
4
+ = [4.59] 02.04.2021 =
5
+ * Update: PHP constant URE_WP_ADMIN_URL was replaced with direct 'admin_url()' call to respect the 'admin_url' filter applied by the get_admin_url() WordPress API function.
6
+ * Update: Editing roles and capabilities granted to selected user ("Capabilities" link under user row at the "Users" list) executes 'add_user_role' or 'remove_user_role' actions only in case it really grants or revokes roles and/or capabilities.
7
+ Previous versions fully revoked and granted again all roles during user permissions update even in case roles list was not changed. It was leaded to the false execution of the mentioned add/remove role actions.
8
+
9
  = [4.58.3] 26.02.2021 =
10
  * Update: URE automatically adds custom taxonomies user capabilities to administrator role before opening "Users->User Role Editor" page.
11
  * Fix: Role changes were not saved with option "Confirm role update" switched off.
includes/classes/editor.php CHANGED
@@ -614,72 +614,54 @@ class URE_Editor {
614
  // end of check_blog_user()
615
 
616
 
617
-
618
- /**
619
- * Update user roles and capabilities
620
- *
621
- * @global WP_Roles $wp_roles
622
- * @param WP_User $user
623
- * @return boolean
624
- */
625
- protected function update_user( $user ) {
626
-
627
- if ( !is_a( $user, 'WP_User') ) {
628
- return false;
629
- }
630
 
631
- do_action( 'ure_before_user_permissions_update', $user->ID );
632
 
 
 
 
 
 
633
  $wp_roles = wp_roles();
634
 
635
- $multisite = $this->lib->get('multisite');
636
- if ($multisite) {
637
- if ( !$this->check_blog_user( $user ) ) {
638
- return false;
639
- }
640
- }
641
-
642
  $select_primary_role = apply_filters( 'ure_users_select_primary_role', true );
643
  if ( $select_primary_role || $this->lib->is_super_admin()) {
644
- $primary_role = isset( $_POST['values']['primary_role'] ) ? filter_var( $_POST['values']['primary_role'], FILTER_SANITIZE_STRING ) : false;
645
- if ( empty( $primary_role ) || !isset( $wp_roles->roles[$primary_role] ) ) {
646
- $primary_role = '';
647
  }
648
  } else {
649
- if ( !empty( $user->roles ) ) {
650
- $primary_role = $user->roles[0];
651
- } else {
652
- $primary_role = '';
653
- }
654
  }
655
 
 
 
 
 
 
 
 
656
  $bbpress = $this->lib->get_bbpress();
657
  if ( $bbpress->is_active() ) {
658
- $bbp_user_role = bbp_get_user_role( $user->ID );
659
  } else {
660
- $bbp_user_role = '';
661
  }
662
 
663
- $edit_user_caps_mode = $this->get_edit_user_caps_mode();
664
- if ( !$edit_user_caps_mode ) { // readonly mode
665
- $this->capabilities_to_save = $user->caps;
666
- }
 
 
 
 
 
 
 
 
667
 
668
- // revoke all roles and capabilities from this user
669
- $user->roles = array();
670
- $user->remove_all_caps();
671
-
672
- // restore primary role
673
- if ( !empty( $primary_role ) ) {
674
- $user->add_role( $primary_role );
675
- }
676
-
677
- // restore bbPress user role if he had one
678
- if ( !empty( $bbp_user_role ) ) {
679
- $user->add_role( $bbp_user_role );
680
- }
681
-
682
- // add other roles to user
683
  $post_values = isset( $_POST['values'] ) && is_array( $_POST['values'] ) ? $_POST['values'] : array();
684
  foreach ( $post_values as $key => $value ) {
685
  $result = preg_match( '/^wp_role_(.+)/', $key, $match );
@@ -688,22 +670,166 @@ class URE_Editor {
688
  }
689
  $role = $match[1];
690
  if ( !isset( $wp_roles->roles[$role] ) ) {
 
691
  continue;
692
  }
693
- $user->add_role( $role );
694
- if ( !$edit_user_caps_mode && isset( $this->capabilities_to_save[$role] ) ) {
695
- unset( $this->capabilities_to_save[$role] );
696
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
697
  }
698
 
699
- // add individual capabilities to user
700
- if ( count( $this->capabilities_to_save ) > 0) {
701
- foreach ($this->capabilities_to_save as $key => $value) {
702
- $user->add_cap( $key );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
703
  }
704
  }
705
- $user->update_user_level_from_caps();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
706
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
707
  do_action('ure_user_permissions_update', $user->ID, $user); // In order other plugins may hook to the user permissions update
708
 
709
  return true;
@@ -1308,7 +1434,7 @@ class URE_Editor {
1308
  <h1><?php _e('User Role Editor', 'user-role-editor'); ?></h1>
1309
  <div id="ure_container">
1310
  <div id="user_role_editor" class="ure-table-cell" >
1311
- <form id="ure_form" method="post" action="<?php echo URE_WP_ADMIN_URL . URE_PARENT . '?page=users-' . URE_PLUGIN_FILE; ?>" >
1312
  <div id="ure_form_controls">
1313
  <?php
1314
  $view->display();
614
  // end of check_blog_user()
615
 
616
 
617
+ private function get_user_primary_role( $user ) {
 
 
 
 
 
 
 
 
 
 
 
 
618
 
619
+ $role = ( is_array( $user->roles ) && count( $user->roles )>0 ) ? $user->roles[0] : '';
620
 
621
+ return $role;
622
+ }
623
+
624
+
625
+ private function get_new_primary_role( $user ) {
626
  $wp_roles = wp_roles();
627
 
 
 
 
 
 
 
 
628
  $select_primary_role = apply_filters( 'ure_users_select_primary_role', true );
629
  if ( $select_primary_role || $this->lib->is_super_admin()) {
630
+ $role = isset( $_POST['values']['primary_role'] ) ? filter_var( $_POST['values']['primary_role'], FILTER_SANITIZE_STRING ) : false;
631
+ if ( empty( $role ) || !isset( $wp_roles->roles[$role] ) ) {
632
+ $role = '';
633
  }
634
  } else {
635
+ $role = $this->get_user_primary_role( $user );
 
 
 
 
636
  }
637
 
638
+ return $role;
639
+ }
640
+ // end of get_new_primary_role()
641
+
642
+
643
+ private function get_bbpress_role( $user ) {
644
+
645
  $bbpress = $this->lib->get_bbpress();
646
  if ( $bbpress->is_active() ) {
647
+ $role = bbp_get_user_role( $user->ID );
648
  } else {
649
+ $role = '';
650
  }
651
 
652
+ return $role;
653
+ }
654
+ // end of get_bbpress_role()
655
+
656
+ /**
657
+ * Add other roles to roles array for this user, extracting selected values from the POST
658
+ *
659
+ * @param array $roles
660
+ */
661
+ private function add_other_roles( $roles ) {
662
+
663
+ $wp_roles = wp_roles();
664
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
665
  $post_values = isset( $_POST['values'] ) && is_array( $_POST['values'] ) ? $_POST['values'] : array();
666
  foreach ( $post_values as $key => $value ) {
667
  $result = preg_match( '/^wp_role_(.+)/', $key, $match );
670
  }
671
  $role = $match[1];
672
  if ( !isset( $wp_roles->roles[$role] ) ) {
673
+ // Skip role if it does not exist
674
  continue;
675
  }
676
+ if ( !in_array( $role, $roles ) ) {
677
+ $roles[] = $role;
678
+ }
679
+ }
680
+
681
+ return $roles;
682
+ }
683
+ // end of add_other_roles()
684
+
685
+
686
+ /**
687
+ * Provide a valid placement of a primary role - 1st element of roles array
688
+ *
689
+ * @param WP_User $user
690
+ * @param array $new_roles
691
+ */
692
+ private function set_primary_role( $user, $new_primary_role ) {
693
+
694
+
695
+ if ( count( $user->roles )<=1 ) {
696
+ // User does not have roles at all or has only single one
697
+ return;
698
+ }
699
+
700
+ $current_primary_role = reset( $user->roles );
701
+ if ( $current_primary_role === $new_primary_role ) {
702
+ // Current primary role is equal to a new one - nothing was changed
703
+ return;
704
+ }
705
+
706
+ // remove primary role from user capabilities array
707
+ unset( $user->caps[$new_primary_role] );
708
+ // insert new primary role as the 1st elemnt of user capabilities array
709
+ $user->caps = array($new_primary_role=>true) + $user->caps;
710
+
711
+ // update user permissions ar WordPress internal data structures - exactly the same way as WordPress itself does at WP_User::add_role()
712
+ update_user_meta( $user->ID, $user->cap_key, $user->caps );
713
+ $user->get_role_caps();
714
+ $user->update_user_level_from_caps();
715
+
716
+ }
717
+ // end of set_primary_role()
718
+
719
+
720
+ private function update_user_roles( $user, $new_roles ) {
721
+
722
+ foreach( $user->roles as $role ) {
723
+ if ( !in_array( $role, $new_roles ) ) {
724
+ $user->remove_role( $role );
725
+ }
726
+ }
727
+
728
+ foreach( $new_roles as $role ) {
729
+ if ( !in_array( $role, $user->roles ) ) {
730
+ $user->add_role( $role );
731
+ }
732
+ }
733
+
734
+ if ( !empty( $new_roles ) ) {
735
+ $this->set_primary_role( $user, $new_roles[0] );
736
  }
737
 
738
+ }
739
+ // end of update_user_roles()
740
+
741
+ /**
742
+ * Remove from user directly granted capabilities
743
+ *
744
+ * @param WP_User $user
745
+ */
746
+ private function remove_user_capabilities( $user, $caps_to_save ) {
747
+
748
+ if ( empty( $user->caps ) ) {
749
+ return;
750
+ }
751
+
752
+ $roles = wp_roles()->roles;
753
+ $roles_id = array_keys( $roles );
754
+ $caps = array_keys( $user->caps );
755
+ foreach( $caps as $cap ) {
756
+ if ( in_array( $cap, $roles_id ) ) {
757
+ // It's a role ID, skip it
758
+ continue;
759
+ }
760
+ if ( !in_array( $cap, $caps_to_save ) ) {
761
+ $user->remove_cap( $cap );
762
  }
763
  }
764
+
765
+ }
766
+ // end of remove_user_capabilities()
767
+
768
+
769
+ /**
770
+ * Update individual capabilities of the user
771
+ *
772
+ * @param WP_User $user
773
+ */
774
+ private function update_user_capabilities( $user ) {
775
+ // $edit_user_caps = $this->get_edit_user_caps_mode();
776
+
777
+ $caps_to_save = array_keys( $this->capabilities_to_save );
778
+ $this->remove_user_capabilities( $user, $caps_to_save );
779
+ $user_caps = array_keys( $user->caps );
780
+
781
+ // process new added capabilities
782
+ foreach ($caps_to_save as $cap ) {
783
+ if ( !in_array( $cap, $user_caps ) ) {
784
+ $user->add_cap( $cap );
785
+ }
786
+ }
787
+
788
+ }
789
+ // end of update_user_capabilities()
790
+
791
+
792
+ /**
793
+ * Update user roles and capabilities
794
+ *
795
+ * @global WP_Roles $wp_roles
796
+ * @param WP_User $user
797
+ * @return boolean
798
+ */
799
+ protected function update_user( $user ) {
800
+
801
+ if ( !is_a( $user, 'WP_User') ) {
802
+ return false;
803
+ }
804
+
805
+ do_action( 'ure_before_user_permissions_update', $user->ID );
806
 
807
+ $multisite = $this->lib->get('multisite');
808
+ if ($multisite) {
809
+ if ( !$this->check_blog_user( $user ) ) {
810
+ return false;
811
+ }
812
+ }
813
+
814
+ $new_primary_role = $this->get_new_primary_role( $user );
815
+ $bbp_role = $this->get_bbpress_role( $user );
816
+ // Build new roles array for the user
817
+ $new_roles = array();
818
+
819
+ // restore primary role
820
+ if ( !empty( $new_primary_role ) ) {
821
+ $new_roles[] = $new_primary_role;
822
+ }
823
+
824
+ // restore bbPress user role if user had one
825
+ if ( !empty( $bbp_role ) ) {
826
+ $new_roles[] = $bbp_role;
827
+ }
828
+
829
+ $new_roles = $this->add_other_roles( $new_roles );
830
+ $this->update_user_roles( $user, $new_roles );
831
+ $this->update_user_capabilities( $user );
832
+
833
  do_action('ure_user_permissions_update', $user->ID, $user); // In order other plugins may hook to the user permissions update
834
 
835
  return true;
1434
  <h1><?php _e('User Role Editor', 'user-role-editor'); ?></h1>
1435
  <div id="ure_container">
1436
  <div id="user_role_editor" class="ure-table-cell" >
1437
+ <form id="ure_form" method="post" action="<?php echo admin_url() . URE_PARENT . '?page=users-' . URE_PLUGIN_FILE; ?>" >
1438
  <div id="ure_form_controls">
1439
  <?php
1440
  $view->display();
includes/classes/role-view.php CHANGED
@@ -143,7 +143,7 @@ class URE_Role_View extends URE_View {
143
  ob_start();
144
  ?>
145
  <form name="ure_remove_caps_form" id="ure_remove_caps_form" method="POST"
146
- action="<?php echo URE_WP_ADMIN_URL . ($network_admin ? 'network/':'') . URE_PARENT .'?page=users-'.URE_PLUGIN_FILE;?>" >
147
  <table id="ure_remove_caps_table">
148
  <tr>
149
  <th>
143
  ob_start();
144
  ?>
145
  <form name="ure_remove_caps_form" id="ure_remove_caps_form" method="POST"
146
+ action="<?php echo admin_url() . ($network_admin ? 'network/':'') . URE_PARENT .'?page=users-'.URE_PLUGIN_FILE;?>" >
147
  <table id="ure_remove_caps_table">
148
  <tr>
149
  <th>
includes/classes/user-role-editor.php CHANGED
@@ -697,7 +697,7 @@ class User_Role_Editor {
697
 
698
  protected function get_ure_page_url() {
699
 
700
- $page_url = URE_WP_ADMIN_URL . URE_PARENT . '?page=users-' . URE_PLUGIN_FILE;
701
  $object = $this->lib->get_request_var('object', 'get');
702
  $user_id = (int) $this->lib->get_request_var('user_id', 'get', 'int');
703
  if ($object=='user' && $user_id>0) {
697
 
698
  protected function get_ure_page_url() {
699
 
700
+ $page_url = admin_url() . URE_PARENT . '?page=users-' . URE_PLUGIN_FILE;
701
  $object = $this->lib->get_request_var('object', 'get');
702
  $user_id = (int) $this->lib->get_request_var('user_id', 'get', 'int');
703
  if ($object=='user' && $user_id>0) {
includes/define-constants.php CHANGED
@@ -9,7 +9,6 @@
9
  *
10
  */
11
 
12
- define( 'URE_WP_ADMIN_URL', admin_url() );
13
  define( 'URE_ERROR', 'Error was encountered' );
14
  define( 'URE_PARENT', is_network_admin() ? 'network/users.php' : 'users.php' );
15
  define( 'URE_KEY_CAPABILITY', 'ure_manage_options' );
9
  *
10
  */
11
 
 
12
  define( 'URE_ERROR', 'Error was encountered' );
13
  define( 'URE_PARENT', is_network_admin() ? 'network/users.php' : 'users.php' );
14
  define( 'URE_KEY_CAPABILITY', 'ure_manage_options' );
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 5.7
7
- Stable tag: 4.58.3
8
  Requires PHP: 5.6
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -81,7 +81,12 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
81
 
82
  == Changelog =
83
 
84
- = [4.58.3] 26.02.2021 =
 
 
 
 
 
85
  * Update: URE automatically adds custom taxonomies user capabilities to administrator role before opening "Users->User Role Editor" page.
86
  * Fix: Role changes were not saved with option "Confirm role update" switched off.
87
 
@@ -100,17 +105,6 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
100
  * Fix: "JQMIGRATE: jQuery.fn.click() event shorthand is deprecated" notice was fixed.
101
  * Fix: "JQMIGRATE: Number-typed values are deprecated for jQuery.fn.css( (property name), value )" notice was fixed.
102
 
103
- = [4.57.1] 10.12.2020 =
104
- * Fix: Nextgen Gallery's user capabilities were not shown as granted after current role change via roles selection dropdown list.
105
- * Fix: PHP Warning: The magic method __wakeup() must have public visibility. __wakeup() method was defined as private as a part of the Singleton design partern. Method was redefined as public but with exception inside to prevent its usage.
106
- * Update: jQuery [MultiSelect](http://multiple-select.wenzhixin.net.cn/) plugin was updated to version 1.5.2
107
-
108
- = [4.57] 09.11.2020 =
109
- * Update: Marked as compatible with WordPress 5.6.
110
- * Update: " jQuery( document ).ready( handler ) " was replaced globally with " jQuery( handler ) " for compatibility with [jQuery 3.0](https://api.jquery.com/ready/) and WordPress 5.6.
111
- * Update: jQuery UI CSS was updated to version 1.12.1
112
- * Fix: "Grant Roles" button produced JavaScript error, if single user without any role granted (None) was selected.
113
-
114
  File changelog.txt contains the full list of changes.
115
 
116
  == Additional Documentation ==
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 5.7
7
+ Stable tag: 4.59
8
  Requires PHP: 5.6
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
81
 
82
  == Changelog =
83
 
84
+ = [4.59] 05.04.2021 =
85
+ * Update: PHP constant URE_WP_ADMIN_URL was replaced with direct 'admin_url()' call to respect the 'admin_url' filter applied by the get_admin_url() WordPress API function.
86
+ * Update: Editing roles and capabilities granted to selected user ("Capabilities" link under user row at the "Users" list) executes 'add_user_role' or 'remove_user_role' actions only in case it really grants or revokes roles and/or capabilities.
87
+ Previous versions fully revoked and granted again all roles during user permissions update even in case roles list was not changed. It was leaded to the false execution of the mentioned add/remove role actions.
88
+
89
+ = [4.58.3] 02.03.2021 =
90
  * Update: URE automatically adds custom taxonomies user capabilities to administrator role before opening "Users->User Role Editor" page.
91
  * Fix: Role changes were not saved with option "Confirm role update" switched off.
92
 
105
  * Fix: "JQMIGRATE: jQuery.fn.click() event shorthand is deprecated" notice was fixed.
106
  * Fix: "JQMIGRATE: Number-typed values are deprecated for jQuery.fn.css( (property name), value )" notice was fixed.
107
 
 
 
 
 
 
 
 
 
 
 
 
108
  File changelog.txt contains the full list of changes.
109
 
110
  == Additional Documentation ==
user-role-editor.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
- Version: 4.58.3
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: user-role-editor
@@ -23,7 +23,7 @@ if ( defined( 'URE_PLUGIN_URL' ) ) {
23
  wp_die( 'It seems that other version of User Role Editor is active. Please deactivate it before use this version' );
24
  }
25
 
26
- define( 'URE_VERSION', '4.58.3' );
27
  define( 'URE_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
28
  define( 'URE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
29
  define( 'URE_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
+ Version: 4.59
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: user-role-editor
23
  wp_die( 'It seems that other version of User Role Editor is active. Please deactivate it before use this version' );
24
  }
25
 
26
+ define( 'URE_VERSION', '4.59' );
27
  define( 'URE_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
28
  define( 'URE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
29
  define( 'URE_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );