Core version: 4.31.1
- Fix: Plugins access add-on: User with ‘activate_plugins’ capability but empty allowed plugins list did not see any plugins. When a restriction is not set, user should see a full plugins list.
- Update: Front-end menu access add-on: It works now according to the given permissions, if current user is a site admin too.
- Update: Posts edit access add-on: It’s possible to modify posts/pages, custom post type ID list via filter ‘
ure_edit_posts_access_id_list‘. ID list is a comma separated list of integers.
Core version: 4.31.1
- New: Plugins access add-on:
– It’s possible to restrict access to the list of plugins available for activation/deactivation for the role.
– It’s possible to change selection model: allow access to the selected or not selected plugins.
- Fix: bbPress roles changes were not saved.
- Fix: Admin menu access add-on: List of allowed URL parameters checked under “blocked not selected” model was extended for parameters used by Gravity Forms plugin.
- Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
- Update: Base_Lib::get_request_var() sanitizes user input by PHP’s filter_var() in addition to WordPress core’s esc_attr().
Core version: 4.31
- Fix: Admin menu access add-on: Blocked menu without submenu was not hidden.
- Fix: Gravity form access add-on: invalid redirection took place for many ‘admin.php?page=some-page’ URLs.
- New: Admin menu access add-on: ‘ure_admin_menu_access_admin_bar’ filter allows to extend the list of top admin menu bar items which could be hidden if their main admin menu was blocked.
Core version: 4.31
- New: It’s possible to remove unused user capabilities by list.
- Fix: There was no support for installations with a hidden/changed URL to wp-admin. URE uses ‘admin_url()’ now to get and check admin URL, instead of direct comparing URL with ‘wp-admin’ string.
- Fix: Admin menu access add-on: custom links under Settings menu were converted from /wp-admin/options-general.php?page=some-key to /wp-admin/some-key incorrectly in some cases.
- Fix: Front-end menu access add-on: access controls were shown at menu editing form for user without ‘ure_front_end_menu_access’ capability.
- Update: Admin menu access add-on: Contact Form 7 plugin URL parameters are supported to exclude redirection to dasboard.
- Update: Capability groups CSS classes are prefixed with ‘ure-‘ in order to minimize possible CSS conflicts with other plugins/themes which may load styles with the same classes.
Core version: 4.30
- New: “Granted Only” checkbox to the right from “Quick Filter” input control allows to show only granted capabilities for the selected role.
- New: Front-end menu access add-on is available. It’s possible to show menu items for everyone, logged-in users, logged-in users with selected role(s), not-logged-in visitors (more info…).
- Update: Admin menu access add-on: Top level menu items list is ordered similar way as WordPress itself use.
- Fix: Content view restrictions add-on: Content of a post prohibited for logged-in user with the selected role only was not shown for the not logged-in users. But it should be shown until this post is not prohibited apparently for the ‘no_role’ (No role for this site) virtual role too.
- Fix: Admin menu access add-on: There was automatic redirect to admin dashboard after
WooCommerce->Coupons->Add New (or similar) button click under “Block menu items: Not Selected” model, in case “Posts->Add New” was not allowed.
Core version: 4.29
- New: User Role Editor own user capabilities are grouped separately under Custom capabilities.
- Fix: Content View Restrictions add-on: Custom error message from the post editor was not shown in some cases, system global default message was shown instead.
- Fix: Content Edit Restrictions add-on: restricted user saw at post Visual editor a gallery with full list of available images instead of the allowed images included into this gallery only.
- Update: Content Edit Restrictions add-on: user with ‘create_%’ capability (like ‘create_posts’) can add new items (posts) inspite of editing restrictions applied to him. One of the purposes of this update was to allow to a user create the child pages under the allowed parent page.
- Update: Automatic updates server URL was changed to https://update.role-editor.com
- Update: URE_Lib::is_super_admin() uses WordPress core is_super_admin() for multisite setup only. Superadmin is a user with ‘administrator’ role in the case of single site WordPress installation.
This is the difference with the WordPress core which counts as a superadmin (for single site WP installation) any user with a ‘delete_users’ capability.
So it’s possible to apply add-on restrictions (e.g. admin menu access) to the users without administrator role, but with ‘delete_users’ capability.
- Update: BaseLib::option_selected() calls were replaced with the calls of a similar selected() function from WordPress core.
Core version: 4.28
- New: Meta Boxes access add-on: ‘Remove’ icon at admin page of this add-on allows to exclude from the list meta boxes which belong to the deleted plugins.
- Fix: Posts edit access restrictions add-on:
– sometimes restrictions were applied before a restricted custom post type was defined.
– post quant by the post status were calculated incorrectly for the “Prohibit” option.
- Fix: Admin menu access add-on:
– The endless redirection loop could took place if the “Dashboard” menu was blocked ( URE_Admin_Menu_Access::update_menu_selected() ).
– URL for redirection to one of Jetpack submenu items was built incorrectly.
- Update: Admin menu access add-on:
– URL parameters ‘action’, ‘menu’ were registered as allowed for the ‘nav-menus.php’ (‘Appearance->Menus’) command to exclude unexpected redirections.
– WooCommerce products, orders, coupons filtering arguments in URLs are supported now.
If you prohibited for the role ‘Posts’ menu, but allow WooCommerce ‘Products’, ‘Orders’ or ‘Coupons’ (use the same edit.php in URL),
you could meet a problem with filtering WooCommerce product by category or product type, etc. User would be redirected to the dashboard –
This means that URLs with filtering parameters in it (like product_cat, product_type) was blocked by URE.
– Block not selected model: URE does not block by default these admin menu bar items: Profile, Log Out. Menu items was checked by URL.
Menu item ID is checked now instead, as URL may be changed by plugins, like one which changes ‘wp-admin’ to the custom string.
It’s possible to modify the list of not blocked menu bar items ID using custom filter ‘ure_do_not_remove_from_admin_bar’.
- Update: Posts view restrictions add-on: input form and list of default values were enhanced/extended.
- Update: Meta boxes access add-on takes into account the meta boxes placed by BuddyPress plugin to the user profile “Extended Profile” tab.
- New: WooCommerce plugin user capabilities (if exist) are grouped separately.
- Update: Temporally raised permissions flag is taken into account when checking, if user has a superadmin privileges. WordPress is_super_admin() function was replaced with custom wrapper to define if current user is a real superadmin or just a local admin with the temporally raised (add/edit users pages) permissions.
- Update: various code optimization.
Core version: 4.27.2
- Fix: PHP notices was removed: Undefined index: “some-index” in …/pro/includes/classes/admin-menu-access.php on line 204
- Fix: PHP notice was removed: Undefined property: URE_Role_View::$multisite in wp-content/plugins/user-role-editor/includes/classes/view.php on line 143
- Fix: WordPress multisite:
– Settings link under the URE plugin at the plugins list leads to the network admin now, not to the the single site settings page, which does not exist.
– Conflict with “Visual Composer” plugin was resolved: single site administrators could now use Visual Composer editor.
– Changed role name was not replicated to other sites when user clicked “Update” with “Apply to All Sites” option turned ON.
- Fix: Admin menu access add-on: allowed command arguments array was returned by reference incorrectly – URE_Admin_Menu_URL_Allowed_Args::get_for_supported_plugins() line 30.
- Update: There was a conflict with plugins which use a ‘|’ character at the custom user capabilities: e.g. ‘Nginx Helper | Config’ from “Nginx Helper’ plugin.
- Update: Admin menu access add-on:
– available submenu item is shown for role now even if top level menu is not available for that role. For example Settings menu item protected by ‘edit_posts’ capability will be shown as available for blocking for ‘author’ role in spite of this role does not have ‘manage_options’ capability;
– URE takes into account that “WCMp Commissions” menu from “WC Marketplace” plugin may be added as to “WooCommerce” menu, as a top level menu item;
– menu separators checking was moved to the separate static method;
– support was added for additional URL parameters which WordPress uses with ‘edit.php’, e.g.: trashed, untrashed, deleted, ids.
– support was added for additional URL parameters from plugins: Ninja Forms, EventON.
- Update: Posts edit restrictions add-on: URE does no replace posts statuses views (All, Mine, Published etc.) for the restricted user. It just refreshes the quant of posts for every existed status view.
- Update: Information about compatibility with WordPress version is shown correctly at “Dashboard->Updates” page.
Core version: 4.27.1
- Update: There was a conflict with plugins which use a ‘/’ character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
- Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
Core version: 4.27
- New: Total/Granted counters were added to the capabilities groups titles.
- New: “Columns” drop-down menu allows to change capabilities section layout to 1, 2 or 3 columns.
- New: Capabilities section is limited in height and has independent scrollbar.
- Update: User Role Editor form uses more available space on page.
- Update: URE_Ajax_Processor class allows to differentiate required user permissions according to action submitted by user.
- Update: Custom post type ID is converted to lower case when build post capability ID
- Fix: CSS updated to exclude text overlapping at capabilities groups section when custom post type name is not fitted into 1 line.
- Fix: “Notice: Undefined index … in wp-content/plugins/user-role-editor-pro/pro/includes/classes/meta-boxes.php on line 86” was produced when URE tried to block not active meta box.
- Fix: class URE_Admin_Menu_URL_Allowed_Args produced PHP fatal error: “Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM” at line 29 for PHP versions older 5.3. Compatible version of a code is used instead now.
Core version: 4.26.4
- Fix: PHP versions prior to 5.5. produces fatal error: Can’t use function return value in write context in …/content-view-restrictions-posts-list.php on line 488
Core version: 4.26.4
- New: User capabilities are grouped by purpose/functionality for more convenience.
- New: Content view restrictions shortcode allows to use ‘except_role’ attribute – to show content inside shortcode to all users except users with roles included into ‘except_role’ attribute.
- Update: URE_Ajax_Processor class allows to diffirentiate required user permissions according to action submitted by user.
- Update: Admin menu access module:
– Filter ‘ure_admin_menu_access_allowed_args’ was added. Use it to register URL parameters in order URE does not block the links inside allowed pages.It happens generally when you use ‘block not selected’ model.
– Admin menu copy creation was optimized. It’s executed now just after any plugin activation and when URE’s page is opened.
- Update: Widgets Show Access add-on: It’s enough to have ‘ure_widgets_show_access’ capability now to get access to this add-on functionality.
- Fix: Admin menu access module:
– Menu links were calculated incorrectly for some plugins (generally with page=admin.php inside). It’s recommended to re-check your admin menu restrictions settings after this update.
– Sorting (by category, etc.) inside allowed posts/pages list page may lead to the redirection to the admin dashboard.
– Added support for “Download Monitor”, “Unite Gallery”, “WPML” plugins additional URL parameters.
- Fix: Content View Restrictions module:
– Conflict was resolved with WPML plugin. It adds ‘p’ parameter to the queries for a single post.Titles of restricted posts were viewable for that reason.
- Fix: Edit posts/pages restrictions add-on: It did not allowed to edit the attachments for ‘Own data only’ option or authors ID list.