WordPress.org

Plugin Directory

Changeset 1759623


Ignore:
Timestamp:
11/06/17 18:33:47 (6 weeks ago)
Author:
greenshady
Message:

Uploading version 2.0.2 of the Members plugin.

Location:
members
Files:
81 added
18 edited

Legend:

Unmodified
Added
Removed
  • members/trunk/admin/class-role-edit.php

    r1699146 r1759623  
    121121 
    122122            // Get the granted and denied caps. 
    123             $grant_caps = ! empty( $_POST['grant-caps'] ) ? array_unique( $_POST['grant-caps'] ) : array(); 
    124             $deny_caps  = ! empty( $_POST['deny-caps'] )  ? array_unique( $_POST['deny-caps'] ) : array(); 
     123            $grant_caps = ! empty( $_POST['grant-caps'] ) ? members_remove_hidden_caps( array_unique( $_POST['grant-caps'] ) ) : array(); 
     124            $deny_caps  = ! empty( $_POST['deny-caps'] )  ? members_remove_hidden_caps( array_unique( $_POST['deny-caps']  ) ) : array(); 
    125125 
    126126            // Get the new (custom) granted and denied caps. 
    127             $grant_new_caps = ! empty( $_POST['grant-new-caps'] ) ? array_unique( $_POST['grant-new-caps'] ) : array(); 
    128             $deny_new_caps  = ! empty( $_POST['deny-new-caps'] )  ? array_unique( $_POST['deny-new-caps'] ) : array(); 
     127            $grant_new_caps = ! empty( $_POST['grant-new-caps'] ) ? members_remove_hidden_caps( array_unique( $_POST['grant-new-caps'] ) ) : array(); 
     128            $deny_new_caps  = ! empty( $_POST['deny-new-caps'] )  ? members_remove_hidden_caps( array_unique( $_POST['deny-new-caps']  ) ) : array(); 
    129129 
    130130            // Get the all and custom cap group objects. 
     
    209209                $this->role->name, 
    210210                array( 
    211                     'label' => $this->members_role->label, 
     211                    'label' => $this->members_role->get( 'label' ), 
    212212                    'caps'  => $this->role->capabilities 
    213213                ) 
     
    224224        // If successful update. 
    225225        if ( $this->role_updated ) 
    226             add_settings_error( 'members_edit_role', 'role_updated', sprintf( esc_html__( '%s role updated.', 'members' ), members_get_role( $this->role->name )->label ), 'updated' ); 
     226            add_settings_error( 'members_edit_role', 'role_updated', sprintf( esc_html__( '%s role updated.', 'members' ), members_get_role( $this->role->name )->get( 'label' ) ), 'updated' ); 
    227227 
    228228        // If the role is not editable. 
    229229        if ( ! $this->is_editable ) 
    230             add_settings_error( 'members_edit_role', 'role_uneditable', sprintf( esc_html__( 'The %s role is not editable. This means that it is most likely added via another plugin for a special use or that you do not have permission to edit it.', 'members' ), members_get_role( $this->role->name )->label ) ); 
     230            add_settings_error( 'members_edit_role', 'role_uneditable', sprintf( esc_html__( 'The %s role is not editable. This means that it is most likely added via another plugin for a special use or that you do not have permission to edit it.', 'members' ), members_get_role( $this->role->name )->get( 'label' ) ) ); 
    231231 
    232232        // If editing the core administrator role. 
    233233        if ( 'administrator' === $this->role->name ) 
    234             add_settings_error( 'members_edit_role', 'role_is_admin', sprintf( esc_html__( 'The %s role is typically the most important role on the site. Please take extreme caution that you do not inadvertently remove necessary capabilities.', 'members' ), members_get_role( $this->role->name )->label ) ); 
     234            add_settings_error( 'members_edit_role', 'role_is_admin', sprintf( esc_html__( 'The %s role is typically the most important role on the site. Please take extreme caution that you do not inadvertently remove necessary capabilities.', 'members' ), members_get_role( $this->role->name )->get( 'label' ) ) ); 
    235235 
    236236        // If a new role was added (redirect from new role screen). 
    237237        if ( isset( $_GET['message'] ) && 'role_added' === $_GET['message'] ) 
    238             add_settings_error( 'members_edit_role', 'role_added', sprintf( esc_html__( 'The %s role has been created.', 'members' ), members_get_role( $this->role->name )->label ), 'updated' ); 
     238            add_settings_error( 'members_edit_role', 'role_added', sprintf( esc_html__( 'The %s role has been created.', 'members' ), members_get_role( $this->role->name )->get( 'label' ) ), 'updated' ); 
    239239 
    240240        // Load page hook. 
     
    319319                                <div id="titlewrap"> 
    320320                                    <span class="screen-reader-text"><?php esc_html_e( 'Role Name', 'members' ); ?></span> 
    321                                     <input type="text" disabled="disabled" readonly="readonly" value="<?php echo esc_attr( members_get_role( $this->role->name )->label ); ?>" /> 
     321                                    <input type="text" disabled="disabled" readonly="readonly" value="<?php echo esc_attr( members_get_role( $this->role->name )->get( 'label' ) ); ?>" /> 
    322322                                </div><!-- #titlewrap --> 
    323323 
  • members/trunk/admin/class-role-list-table.php

    r1699146 r1759623  
    249249 
    250250        // Add the title and role states. 
    251         $title = sprintf( '<strong><a class="row-title" href="%s">%s</a>%s</strong>', esc_url( members_get_edit_role_url( $role ) ), esc_html( members_get_role( $role )->label ), $role_states ); 
     251        if ( current_user_can( 'edit_roles' ) ) 
     252            $title = sprintf( '<strong><a class="row-title" href="%s">%s</a>%s</strong>', esc_url( members_get_edit_role_url( $role ) ), esc_html( members_get_role( $role )->get( 'label' ) ), $role_states ); 
     253 
     254        else 
     255            $title = sprintf( '<strong><span class="row-title">%s</span>%s</strong>', esc_html( members_get_role( $role )->get( 'label' ) ), $role_states ); 
    252256 
    253257        return apply_filters( 'members_manage_roles_column_role_name', $title, $role ); 
     
    342346 
    343347            // If the role cannot be edited. 
    344             } else { 
     348            } elseif ( current_user_can( 'edit_roles' ) ) { 
    345349 
    346350                // Add the view role link. 
  • members/trunk/admin/class-role-new.php

    r1699146 r1759623  
    162162            if ( isset( $_POST['grant-caps'] ) || isset( $_POST['deny-caps'] ) ) { 
    163163 
    164                 $grant_caps = ! empty( $_POST['grant-caps'] ) ? array_unique( $_POST['grant-caps'] ) : array(); 
    165                 $deny_caps  = ! empty( $_POST['deny-caps'] )  ? array_unique( $_POST['deny-caps'] ) : array(); 
     164                $grant_caps = ! empty( $_POST['grant-caps'] ) ? members_remove_hidden_caps( array_unique( $_POST['grant-caps'] ) ) : array(); 
     165                $deny_caps  = ! empty( $_POST['deny-caps'] )  ? members_remove_hidden_caps( array_unique( $_POST['deny-caps']  ) ) : array(); 
    166166 
    167167                foreach ( $_m_caps as $cap ) { 
     
    175175            } 
    176176 
    177             $grant_new_caps = ! empty( $_POST['grant-new-caps'] ) ? array_unique( $_POST['grant-new-caps'] ) : array(); 
    178             $deny_new_caps  = ! empty( $_POST['deny-new-caps'] )  ? array_unique( $_POST['deny-new-caps'] ) : array(); 
     177            $grant_new_caps = ! empty( $_POST['grant-new-caps'] ) ? members_remove_hidden_caps( array_unique( $_POST['grant-new-caps'] ) ) : array(); 
     178            $deny_new_caps  = ! empty( $_POST['deny-new-caps'] )  ? members_remove_hidden_caps( array_unique( $_POST['deny-new-caps']  ) ) : array(); 
    179179 
    180180            foreach ( $grant_new_caps as $grant_new_cap ) { 
     
    182182                $_cap = members_sanitize_cap( $grant_new_cap ); 
    183183 
    184                 if ( 'do_not_allow' !== $_cap && ! in_array( $_cap, $_m_caps ) ) 
     184                if ( ! in_array( $_cap, $_m_caps ) ) 
    185185                    $new_caps[ $_cap ] = true; 
    186186            } 
     
    190190                $_cap = members_sanitize_cap( $deny_new_cap ); 
    191191 
    192                 if ( 'do_not_allow' !== $_cap && ! in_array( $_cap, $_m_caps ) ) 
     192                if ( ! in_array( $_cap, $_m_caps ) ) 
    193193                    $new_caps[ $_cap ] = false; 
    194194            } 
     
    326326                                <div id="titlewrap"> 
    327327                                    <span class="screen-reader-text"><?php esc_html_e( 'Role Name', 'members' ); ?></span> 
    328                                     <input type="text" name="role_name" value="<?php echo ! $this->role && $this->clone_role ? esc_attr( sprintf( __( '%s Clone', 'members' ), members_get_role( $this->clone_role )->label ) ) : esc_attr( $this->role_name ); ?>" placeholder="<?php esc_attr_e( 'Enter role name', 'members' ); ?>" /> 
     328                                    <input type="text" name="role_name" value="<?php echo ! $this->role && $this->clone_role ? esc_attr( sprintf( __( '%s Clone', 'members' ), members_get_role( $this->clone_role )->get( 'label' ) ) ) : esc_attr( $this->role_name ); ?>" placeholder="<?php esc_attr_e( 'Enter role name', 'members' ); ?>" /> 
    329329                                </div><!-- #titlewrap --> 
    330330 
  • members/trunk/admin/class-roles.php

    r1699146 r1759623  
    129129 
    130130                    // Add role deleted message. 
    131                     add_settings_error( 'members_roles', 'role_deleted', sprintf( esc_html__( '%s role deleted.', 'members' ), members_get_role( $role )->label ), 'updated' ); 
     131                    add_settings_error( 'members_roles', 'role_deleted', sprintf( esc_html__( '%s role deleted.', 'members' ), members_get_role( $role )->get( 'label' ) ), 'updated' ); 
    132132 
    133133                    // Delete the role. 
  • members/trunk/admin/class-user-edit.php

    r1737967 r1759623  
    106106                                <label> 
    107107                                    <input type="checkbox" name="members_user_roles[]" value="<?php echo esc_attr( $role->name ); ?>" <?php checked( in_array( $role->name, $user_roles ) ); ?> /> 
    108                                     <?php echo esc_html( $role->label ); ?> 
     108                                    <?php echo esc_html( $role->get( 'label' ) ); ?> 
    109109                                </label> 
    110110                            </li> 
  • members/trunk/admin/class-user-new.php

    r1737967 r1759623  
    118118                                <label> 
    119119                                    <input type="checkbox" name="members_user_roles[]" value="<?php echo esc_attr( $role->name ); ?>" <?php checked( in_array( $role->name, $new_user_roles ) ); ?> /> 
    120                                     <?php echo esc_html( $role->label ); ?> 
     120                                    <?php echo esc_html( $role->get( 'label' ) ); ?> 
    121121                                </label> 
    122122                            </li> 
  • members/trunk/admin/functions-admin.php

    r1699146 r1759623  
    4848        'label_grant_cap'  => esc_html__( 'Grant %s capability', 'members' ), 
    4949        'label_deny_cap'   => esc_html__( 'Deny %s capability',  'members' ), 
    50         'ays_delete_role'  => esc_html__( 'Are you sure you want to delete this role? This is a permanent action and cannot be undone.', 'members' ) 
     50        'ays_delete_role'  => esc_html__( 'Are you sure you want to delete this role? This is a permanent action and cannot be undone.', 'members' ), 
     51        'hidden_caps'      => members_get_hidden_caps() 
    5152    ); 
    5253 
  • members/trunk/changelog.md

    r1737967 r1759623  
    11# Change Log 
     2 
     3## [2.0.2] - 2017-11-06 
     4 
     5### Fixed 
     6 
     7* Role labels should now be handled correctly where the plugin outputs them.  This was not corrected in 2.0.1 as previously thought. 
     8 
     9### Security 
     10 
     11* Corrected a capability escalation issue on multisite where administrators could assign themselves network caps.  Administrators are no longer given the `create_role`, `edit_role`, and `delete_role` caps on multisite.  A Super Admin must manually set these caps if they want to grant them to a site administrator.  Additionally, network caps are always blocked from being assigned. 
    212 
    313## [2.0.1] - 2017-09-28 
  • members/trunk/inc/class-role.php

    r1699146 r1759623  
    159159        } 
    160160    } 
     161 
     162    /** 
     163     * Magic method for getting media object properties.  Let's keep from failing if a theme 
     164     * author attempts to access a property that doesn't exist. 
     165     * 
     166     * @since  2.0.2 
     167     * @access public 
     168     * @param  string  $property 
     169     * @return mixed 
     170     */ 
     171    public function get( $property ) { 
     172 
     173        if ( 'label' === $property ) 
     174            return members_translate_role( $this->name ); 
     175 
     176        return isset( $this->$property ) ? $this->$property : false; 
     177    } 
    161178} 
  • members/trunk/inc/class-widget-users.php

    r1699146 r1759623  
    230230                <option value="" <?php selected( $instance['role'], '' ); ?>></option> 
    231231                <?php foreach ( $roles as $name => $role ) : ?> 
    232                     <option value="<?php echo esc_attr( $name ); ?>" <?php selected( $instance['role'], $name ); ?>><?php echo esc_html( $role->label ); ?></option> 
     232                    <option value="<?php echo esc_attr( $name ); ?>" <?php selected( $instance['role'], $name ); ?>><?php echo esc_html( $role->get( 'label' ) ); ?></option> 
    233233                <?php endforeach; ?> 
    234234            </select> 
  • members/trunk/inc/functions-capabilities.php

    r1699146 r1759623  
    372372    // This is always a hidden cap and should never be added to the caps list. 
    373373    $caps[] = 'do_not_allow'; 
     374 
     375    // Network-level caps. 
     376    // These shouldn't show on single-site installs anyway. 
     377    // On multisite installs, they should be handled by a network-specific role manager. 
     378    $caps[] = 'create_sites'; 
     379    $caps[] = 'delete_sites'; 
     380    $caps[] = 'manage_network'; 
     381    $caps[] = 'manage_sites'; 
     382    $caps[] = 'manage_network_users'; 
     383    $caps[] = 'manage_network_plugins'; 
     384    $caps[] = 'manage_network_themes'; 
     385    $caps[] = 'manage_network_options'; 
     386    $caps[] = 'upgrade_network'; 
     387 
     388    // This cap is needed on single site to set up a multisite network. 
     389    if ( is_multisite() ) 
     390        $caps[] = 'setup_network'; 
    374391 
    375392    // Unfiltered uploads. 
  • members/trunk/inc/functions-deprecated.php

    r1699146 r1759623  
    4242 
    4343    foreach ( members_get_active_roles() as $role ) 
    44         $has_users[ $role ] = members_get_role( $role )->label; 
     44        $has_users[ $role ] = members_get_role( $role )->get( 'label' ); 
    4545 
    4646    return $has_users; 
  • members/trunk/inc/functions-roles.php

    r1737967 r1759623  
    4141 
    4242        $args = array( 
    43             'label' => members_translate_role_hook( $object['name'], $name ), 
     43            'label' => $object['name'], 
    4444            'caps'  => $object['capabilities'] 
    4545        ); 
  • members/trunk/inc/functions-users.php

    r1699146 r1759623  
    154154 
    155155    foreach ( $user->roles as $role ) 
    156         $names[ $role ] = members_get_role( $role )->label; 
     156        $names[ $role ] = members_get_role( $role )->get( 'label' ); 
    157157 
    158158    return $names; 
  • members/trunk/js/edit-role.js

    r1699146 r1759623  
    326326 
    327327            // If there's a value in the input, enable the add new button. 
    328             if ( 'do_not_allow' !== jQuery( this ).val() ) { 
     328            //if ( 'do_not_allow' !== jQuery( this ).val() ) { 
     329            if ( -1 === jQuery.inArray( jQuery( this ).val(), members_i18n.hidden_caps ) ) { 
    329330 
    330331                jQuery( '#members-add-new-cap' ).prop( 'disabled', false ); 
     
    365366 
    366367                // Don't allow the 'do_not_allow' cap. 
    367                 if ( 'do_not_allow' === new_cap ) { 
     368                //if ( 'do_not_allow' === new_cap ) { 
     369                if ( -1 !== jQuery.inArray( jQuery( this ).val(), members_i18n.hidden_caps ) ) { 
    368370                    return; 
    369371                } 
  • members/trunk/js/edit-role.min.js

    r1699146 r1759623  
    1 jQuery(document).ready(function(){function e(e){e=e.toLowerCase().trim().replace(/<.*?>/g,"").replace(/\s/g,"_").replace(/[^a-zA-Z0-9_]/g,""),jQuery(".role-slug").text(e)}function r(){var e=jQuery("#members-tab-all input[data-grant-cap]:checked").length,r=jQuery("#members-tab-all input[data-deny-cap]:checked").length,t=jQuery('#members-tab-custom input[name="grant-new-caps[]"]:checked').length,a=jQuery('#members-tab-custom input[name="deny-new-caps[]"]:checked').length;jQuery("#submitdiv .granted-count").text(e+t),jQuery("#submitdiv .denied-count").text(r+a)}function t(e){var r="grant",t="deny";jQuery(e).attr("data-deny-cap")&&(r="deny",t="grant");var a=jQuery(e).attr("data-"+r+"-cap");jQuery(e).prop("checked")?(jQuery("input[data-"+r+'-cap="'+a+'"]').not(e).prop("checked",!0),jQuery("input[data-"+t+'-cap="'+a+'"]').prop("checked",!1)):jQuery("input[data-"+r+'-cap="'+a+'"]').not(e).prop("checked",!1)}jQuery(".members-delete-role-link").click(function(){return window.confirm(members_i18n.ays_delete_role)}),jQuery('input[name="role_name"]').keyup(function(){jQuery('input[name="role"]').val()||e(this.value)}),jQuery('input[name="role"], .role-ok-button').hide(),jQuery(document).on("click",".role-edit-button.closed",function(){jQuery(this).removeClass("closed").addClass("open").text(members_i18n.button_role_ok),jQuery('input[name="role"]').show(),jQuery('input[name="role"]').trigger("focus"),jQuery('input[name="role"]').attr("value",jQuery(".role-slug").text())}),jQuery(document).on("click",".role-edit-button.open",function(){jQuery(this).removeClass("open").addClass("closed").text(members_i18n.button_role_edit),jQuery('input[name="role"]').hide();var r=jQuery('input[name="role"]').val();e(r?r:jQuery('input[name="role_name"]').val())}),jQuery('input[name="role"]').keypress(function(e){if(13===e.keyCode)return jQuery(".role-edit-button").click().trigger("focus"),e.preventDefault(),!1}),jQuery('.users_page_role-new input[name="role_name"]').val()||jQuery(".users_page_role-new #publish").prop("disabled",!0),jQuery('.users_page_role-new input[name="role_name"]').on("input",function(){jQuery(this).val()?jQuery(".users_page_role-new #publish").prop("disabled",!1):jQuery(".users_page_role-new #publish").prop("disabled",!0)});var a=wp.template("members-cap-section"),n=wp.template("members-cap-control");"undefined"!=typeof members_sections&&"undefined"!=typeof members_controls&&(_.each(members_sections,function(e){jQuery(".members-tab-wrap").append(a(e))}),_.each(members_controls,function(e){jQuery("#members-tab-"+e.section+" tbody").append(n(e))})),jQuery(".members-cap-tabs .members-tab-content").hide(),jQuery(".members-cap-tabs .members-tab-content:first-child").show(),jQuery(".members-tab-nav :first-child").attr("aria-selected","true"),jQuery(".members-which-tab").text(jQuery(".members-tab-nav :first-child a").text()),jQuery(".members-tab-nav li a").click(function(e){e.preventDefault();var r=jQuery(this).attr("href");jQuery(this).parents(".members-cap-tabs").find(".members-tab-content").hide(),jQuery(this).parents(".members-cap-tabs").find(r).show(),jQuery(this).parents(".members-cap-tabs").find(".members-tab-title").attr("aria-selected","false"),jQuery(this).parent().attr("aria-selected","true"),jQuery(".members-which-tab").text(jQuery(this).text())}),r(),jQuery(document).on("change",".members-cap-checklist input[data-grant-cap], .members-cap-checklist input[data-deny-cap]",function(){t(this),r()}),jQuery(document).on("click",".editable-role .members-cap-checklist button",function(){var e=jQuery(this).closest(".members-cap-checklist"),r=jQuery(e).find("input[data-grant-cap]"),t=jQuery(e).find("input[data-deny-cap]");jQuery(r).prop("checked")?(jQuery(r).prop("checked",!1),jQuery(t).prop("checked",!0).change()):jQuery(t).prop("checked")?(jQuery(r).prop("checked",!1),jQuery(t).prop("checked",!1).change()):jQuery(r).prop("checked",!0).change()}),jQuery(document).on("hover",".editable-role .members-cap-checklist button",function(){jQuery(".members-cap-checklist button:focus").not(this).blur()}),postboxes.add_postbox_toggles(pagenow),jQuery("#newcapdiv button.handlediv").attr("type","button"),jQuery("#members-add-new-cap").prop("disabled",!0),jQuery("#members-new-cap-field").on("input",function(){"do_not_allow"!==jQuery(this).val()?jQuery("#members-add-new-cap").prop("disabled",!1):jQuery("#members-add-new-cap").prop("disabled",!0)}),jQuery("#members-new-cap-field").keypress(function(e){if(13===e.keyCode)return jQuery("#members-add-new-cap").click(),e.preventDefault(),!1}),jQuery("#members-add-new-cap").click(function(){var e=jQuery("#members-new-cap-field").val();if(e=e.trim().replace(/<.*?>/g,"").replace(/\s/g,"_").replace(/[^a-zA-Z0-9_]/g,"")){if("do_not_allow"===e)return;jQuery('a[href="#members-tab-custom"]').trigger("click"),members_i18n.label_grant_cap=members_i18n.label_grant_cap.replace(/%s/g,"<code>"+e+"</code>"),members_i18n.label_deny_cap=members_i18n.label_deny_cap.replace(/%s/g,"<code>"+e+"</code>");var r={cap:e,readonly:"",name:{grant:"grant-new-caps[]",deny:"deny-new-caps[]"},is_granted_cap:!0,is_denied_cap:!1,label:{cap:e,grant:members_i18n.label_grant_cap,deny:members_i18n.label_deny_cap}};jQuery("#members-tab-custom tbody").prepend(n(r));var t=jQuery('[data-grant-cap="'+e+'"]').parents(".members-cap-checklist");jQuery(t).addClass("members-highlight"),setTimeout(function(){jQuery(t).removeClass("members-highlight")},500),jQuery("#members-new-cap-field").val(""),jQuery("#members-add-new-cap").prop("disabled",!0),jQuery('.members-cap-checklist input[data-grant-cap="'+e+'"]').trigger("change")}})}); 
     1jQuery(document).ready(function(){function e(e){e=e.toLowerCase().trim().replace(/<.*?>/g,"").replace(/\s/g,"_").replace(/[^a-zA-Z0-9_]/g,""),jQuery(".role-slug").text(e)}function r(){var e=jQuery("#members-tab-all input[data-grant-cap]:checked").length,r=jQuery("#members-tab-all input[data-deny-cap]:checked").length,t=jQuery('#members-tab-custom input[name="grant-new-caps[]"]:checked').length,a=jQuery('#members-tab-custom input[name="deny-new-caps[]"]:checked').length;jQuery("#submitdiv .granted-count").text(e+t),jQuery("#submitdiv .denied-count").text(r+a)}function t(e){var r="grant",t="deny";jQuery(e).attr("data-deny-cap")&&(r="deny",t="grant");var a=jQuery(e).attr("data-"+r+"-cap");jQuery(e).prop("checked")?(jQuery("input[data-"+r+'-cap="'+a+'"]').not(e).prop("checked",!0),jQuery("input[data-"+t+'-cap="'+a+'"]').prop("checked",!1)):jQuery("input[data-"+r+'-cap="'+a+'"]').not(e).prop("checked",!1)}jQuery(".members-delete-role-link").click(function(){return window.confirm(members_i18n.ays_delete_role)}),jQuery('input[name="role_name"]').keyup(function(){jQuery('input[name="role"]').val()||e(this.value)}),jQuery('input[name="role"], .role-ok-button').hide(),jQuery(document).on("click",".role-edit-button.closed",function(){jQuery(this).removeClass("closed").addClass("open").text(members_i18n.button_role_ok),jQuery('input[name="role"]').show(),jQuery('input[name="role"]').trigger("focus"),jQuery('input[name="role"]').attr("value",jQuery(".role-slug").text())}),jQuery(document).on("click",".role-edit-button.open",function(){jQuery(this).removeClass("open").addClass("closed").text(members_i18n.button_role_edit),jQuery('input[name="role"]').hide();var r=jQuery('input[name="role"]').val();e(r?r:jQuery('input[name="role_name"]').val())}),jQuery('input[name="role"]').keypress(function(e){if(13===e.keyCode)return jQuery(".role-edit-button").click().trigger("focus"),e.preventDefault(),!1}),jQuery('.users_page_role-new input[name="role_name"]').val()||jQuery(".users_page_role-new #publish").prop("disabled",!0),jQuery('.users_page_role-new input[name="role_name"]').on("input",function(){jQuery(this).val()?jQuery(".users_page_role-new #publish").prop("disabled",!1):jQuery(".users_page_role-new #publish").prop("disabled",!0)});var a=wp.template("members-cap-section"),n=wp.template("members-cap-control");"undefined"!=typeof members_sections&&"undefined"!=typeof members_controls&&(_.each(members_sections,function(e){jQuery(".members-tab-wrap").append(a(e))}),_.each(members_controls,function(e){jQuery("#members-tab-"+e.section+" tbody").append(n(e))})),jQuery(".members-cap-tabs .members-tab-content").hide(),jQuery(".members-cap-tabs .members-tab-content:first-child").show(),jQuery(".members-tab-nav :first-child").attr("aria-selected","true"),jQuery(".members-which-tab").text(jQuery(".members-tab-nav :first-child a").text()),jQuery(".members-tab-nav li a").click(function(e){e.preventDefault();var r=jQuery(this).attr("href");jQuery(this).parents(".members-cap-tabs").find(".members-tab-content").hide(),jQuery(this).parents(".members-cap-tabs").find(r).show(),jQuery(this).parents(".members-cap-tabs").find(".members-tab-title").attr("aria-selected","false"),jQuery(this).parent().attr("aria-selected","true"),jQuery(".members-which-tab").text(jQuery(this).text())}),r(),jQuery(document).on("change",".members-cap-checklist input[data-grant-cap], .members-cap-checklist input[data-deny-cap]",function(){t(this),r()}),jQuery(document).on("click",".editable-role .members-cap-checklist button",function(){var e=jQuery(this).closest(".members-cap-checklist"),r=jQuery(e).find("input[data-grant-cap]"),t=jQuery(e).find("input[data-deny-cap]");jQuery(r).prop("checked")?(jQuery(r).prop("checked",!1),jQuery(t).prop("checked",!0).change()):jQuery(t).prop("checked")?(jQuery(r).prop("checked",!1),jQuery(t).prop("checked",!1).change()):jQuery(r).prop("checked",!0).change()}),jQuery(document).on("hover",".editable-role .members-cap-checklist button",function(){jQuery(".members-cap-checklist button:focus").not(this).blur()}),postboxes.add_postbox_toggles(pagenow),jQuery("#newcapdiv button.handlediv").attr("type","button"),jQuery("#members-add-new-cap").prop("disabled",!0),jQuery("#members-new-cap-field").on("input",function(){-1===jQuery.inArray(jQuery(this).val(),members_i18n.hidden_caps)?jQuery("#members-add-new-cap").prop("disabled",!1):jQuery("#members-add-new-cap").prop("disabled",!0)}),jQuery("#members-new-cap-field").keypress(function(e){if(13===e.keyCode)return jQuery("#members-add-new-cap").click(),e.preventDefault(),!1}),jQuery("#members-add-new-cap").click(function(){var e=jQuery("#members-new-cap-field").val();if(e=e.trim().replace(/<.*?>/g,"").replace(/\s/g,"_").replace(/[^a-zA-Z0-9_]/g,"")){if(-1!==jQuery.inArray(jQuery(this).val(),members_i18n.hidden_caps))return;jQuery('a[href="#members-tab-custom"]').trigger("click"),members_i18n.label_grant_cap=members_i18n.label_grant_cap.replace(/%s/g,"<code>"+e+"</code>"),members_i18n.label_deny_cap=members_i18n.label_deny_cap.replace(/%s/g,"<code>"+e+"</code>");var r={cap:e,readonly:"",name:{grant:"grant-new-caps[]",deny:"deny-new-caps[]"},is_granted_cap:!0,is_denied_cap:!1,label:{cap:e,grant:members_i18n.label_grant_cap,deny:members_i18n.label_deny_cap}};jQuery("#members-tab-custom tbody").prepend(n(r));var t=jQuery('[data-grant-cap="'+e+'"]').parents(".members-cap-checklist");jQuery(t).addClass("members-highlight"),setTimeout(function(){jQuery(t).removeClass("members-highlight")},500),jQuery("#members-new-cap-field").val(""),jQuery("#members-add-new-cap").prop("disabled",!0),jQuery('.members-cap-checklist input[data-grant-cap="'+e+'"]').trigger("change")}})}); 
  • members/trunk/members.php

    r1737967 r1759623  
    44 * Plugin URI:  https://themehybrid.com/plugins/members 
    55 * Description: A user and role management plugin that puts you in full control of your site's permissions. This plugin allows you to edit your roles and their capabilities, clone existing roles, assign multiple roles per user, block post content, or even make your site completely private. 
    6  * Version:     2.0.1 
     6 * Version:     2.0.2 
    77 * Author:      Justin Tadlock 
    88 * Author URI:  https://themehybrid.com 
     
    2626 * 
    2727 * @package   Members 
    28  * @version   2.0.1 
     28 * @version   2.0.2 
    2929 * @author    Justin Tadlock <justintadlock@gmail.com> 
    3030 * @copyright Copyright (c) 2009 - 2017, Justin Tadlock 
     
    298298        if ( ! empty( $role ) ) { 
    299299 
     300            $role->add_cap( 'restrict_content' ); // Edit per-post content permissions. 
    300301            $role->add_cap( 'list_roles'       ); // View roles in backend. 
    301             $role->add_cap( 'create_roles'     ); // Create new roles. 
    302             $role->add_cap( 'delete_roles'     ); // Delete existing roles. 
    303             $role->add_cap( 'edit_roles'       ); // Edit existing roles/caps. 
    304             $role->add_cap( 'restrict_content' ); // Edit per-post content permissions. 
     302 
     303            // Do not allow administrators to edit, create, or delete roles 
     304            // in a multisite setup. Super admins should assign these manually. 
     305            if ( ! is_multisite() ) { 
     306                $role->add_cap( 'create_roles' ); // Create new roles. 
     307                $role->add_cap( 'delete_roles' ); // Delete existing roles. 
     308                $role->add_cap( 'edit_roles'   ); // Edit existing roles/caps. 
     309            } 
    305310        } 
    306311    } 
  • members/trunk/readme.txt

    r1737967 r1759623  
    55Tags: capabilities, roles, members, users 
    66Requires at least: 4.7 
    7 Tested up to: 4.8.2 
     7Tested up to: 4.8.3 
    88Requires PHP: 5.3 
    9 Stable tag: 2.0.1 
     9Stable tag: 2.0.2 
    1010License: GPLv2 or later 
    1111License URI: http://www.gnu.org/licenses/gpl-2.0.html 
     
    8181If, for some reason, you do have the administrator role and the role manager is still inaccessible to you, deactivate the plugin.  Then, reactivate it. 
    8282 
     83### On multisite, why can't administrators cannot manage roles? 
     84 
     85If you have a multisite installation, only Super Admins can create, edit, and delete roles by default.  This is a security measure to make sure that you absolutely trust sub-site admins to make these types of changes to roles.  If you're certain you want to allow this, add the Create Roles (`create_roles`), Edit Roles (`edit_roles`), and/or Delete Roles (`delete_roles`) capabilities to the role on each sub-site where you want to allow this. 
     86 
     87_Note: This change was made in version 2.0.2 and has no effect on existing installs of Members on existing sub-sites._ 
     88 
    8389### Help! I've locked myself out of my site! 
    8490 
Note: See TracChangeset for help on using the changeset viewer.