Older Changes

[4.19.2] 01.10.2015

  • Core version: 4.19.2
  • Fix: Default role value has not been refreshed automatically after change at the “Default Role” dialog.
  • Fix: global $post variable was changed in some cases by the “Posts view restrictions” add-on.
  • Fix: Admin menu access add-on: User could upload new media at the Post Editor with “Media -> Add New” menu item blocked. “File Upload” tab is removed in this case now. User may select from the existing Media Library items only.
  • More detailed notice messages are shown after default role change – to reflect a possible error or problem.
  • Other default roles (in addition to the primary role) was assigned to a new registered user for requests from the admin back-end only. Now this feature works for the requests from the front-end user registration forms too (including WordPress multisite).
  • Interface to Posts bulk action “Edit access” was available to the users without “ure_edit_posts_access” capability – fixed. Action itself was not fulfilled (blocked at server side) due to obvious permissions error.
  • Content view restrictions add-on: custom post types selection enhanced in order to include types which are not public
  • Content view restrictions add-on: processes now custom post type content beyond the main loops, including ‘wlbdash'(Dashboard) post type from “White Label Branding for WordPress Multisite” plugin.
  • Content edit restrictions add-on: supports unique create custom post type capability even in case it does not use ‘edit_’ in its name. For example for ‘wlbdash’ post type, create post capability will get name ‘create_wlbdashs’ instead of default ‘wlb_dashboard_tool’.
  • Admin menu access add-on: bug was fixed for URL starting from ‘admin.php?page=’
  • Added new filter ‘ure_get_allowed_gf_forms’. It allows to modify array of Gravity Forms ID available to the current user.
  • CSS enhanced to exclude column wrapping for the capabilities with the long names.
  • The translation text domain was changed to the plugin slug (user-role-editor) for the compatibility with translations.wordpress.org

[4.19] 04.08.2015

* It is possible to assign to the user multiple roles directly through a user profile edit page.
* Custom SQL-query (checked if the role is in use and slow on the huge data) was excluded and replaced with WordPress built-in function call. [Thanks to Aaron](https://wordpress.org/support/topic/poorly-scaling-queries).
* Bulk role assignment to the users without role was rewritten for cases with a huge quant of users. It processes just 50 users without role for the one request to return the answer from the server in the short time.
* Admin menu access add-on:
* 1) ‘block not selected’ access model was added to the default ‘block selected’ one. It is more convenient in cases when you wish to block automatically all new added menu items.
* 2) use top checkbox control to select/unselect all checkboxes. Click on it with ‘Shift’ key inverts current selection.
* Other roles access add-on:
* 1) ‘block not selected’ access model was added to the default ‘block selected’ one. It is more convenient in cases when you wish to block automatically all new added roles.
* 2) use top checkbox control to select/unselect all checkboxes. Click on it with ‘Shift’ key inverts current selection.
* It is possible to set restrictions to the main site widgets at the Network Admin and replicate them to the whole network.
* Other roles access add-on:
* 1) ‘block not selected’ access model was added to the default ‘block selected’ one. It is more convenient in cases when you wish to block automatically all new added roles.
* 2) use top checkbox control to select/unselect all checkboxes. Click on it with ‘Shift’ key inverts current selection.
* Content view restrictions add-on:
* 1) It is possible to set what categories (tags/custom taxonomies) are allowed/prohibited to view for the selected role.
* 2) It is possible to select between HTTP 404 error or custom error message for the case of access error.
* 3) Fixed to work for the custom post types with own user capabilities set.
* 4) “No role for this site” item is available in the roles list at a post level interface.
* 5) Restriction is not applied to the post by default if logged in user can edit it. It is possible to change this rule
* using filter ‘ure_restrict_content_view_for_authors_and_editors’. It takes and returns 1 boolean parameter: false – do not restrict, true – restrict.
* 6) Enhanced compatibility with the Events Manager plugin ( https://wordpress.org/plugins/events-manager ).
* 7) Fixed bug which did not allow to open roles list for a new (not saved) post.
* 8) It is possible to retrieve post view access restrictions data for the post ID from other plugins,
for example do not sent new post notification to the users, who don’t have access to view it.
* Function ure_get_post_view_access_users() returns the object with properties:
* 1) restriction: string: prohibited/allowed;
* 2) roles – array of roles, for which this restriction is applied;
* 3) users: array of user ID, which have those roles.
* Edit posts/pages restrictions add-on:
* 1) Bug fix: when user with posts/pages edit restrictions may access restricted posts/pages directly by post ID and got ‘Edit’ URL for the restricted post at the front-end.
* 2) If you set ‘edit posts/pages with author user ID’ restriction, it is applied to ALL post types. That is if author does not have any posts at some post type, user will see the empty list of posts at that type.
If you set ‘edit posts/pages/custom post types with ID’ only then restrictions are applied only to the post types to which posts belongs.
* 3) It is possible now to set edit restrictions for the user by category/taxonomy ID.
* 4) Pages filtering enhanced for compatibility with other plugins, respecting “get_pages” filter (like “CMS Tree Page View” one).
* 5) User with post/pages edit restrictions applied can see own unattached media library items in additions to the allowed posts attachments.
* 6) If posts/pages restrictions were not set for the user, full list of media library items is available.
* 7) Filter ure_attachments_show_full_list allows to show full Media Library items list to the user with editing restrictions set.
* 8) Filter ure_posts_show_full_list allows to show full posts/pages/custom posts types list to the user with editing restrictions set.


* 14.06.2015
* It is possible to input license code to the wp-config.php now. Add this line:

define(URE_LICENSE_KEY, 'your-license-code-here');

Users uncomfortable with wp-config.php editing may still input license code at “Settings->User Role Editor->General” tab.
* License code saved at the “Settings->User Role Editor->General” tab is not removed anymore after change of site absolute path, host or database name.
* Bug was fixed: “Network Update” did not work at FireFox due to JavaScript bug.
* PHP notice was removed. It was shown at the Plugins page, when an update to the URE Pro was available.


* 28.05.2015
* Bug fix: Edit posts/pages restrictions add-on: Now user can not edit prohibited post/page manually inserting its ID to the edit URL.
* Admin menu access add-on: ‘Customize’ menu item is available now for non-English WordPress default languages too.


* 06.05.2015
* Bug fix for “Admin menu access” add-on: direct access to the wp-admin/customize.php link (Appearance->Customize menu item) was not blocked properly.
* As additional security measure “Welcome” panel is removed for the role with access restriction to the “Customize” admin menu item.


* 30.04.2015
* Calls to the functions add_query_arg(), remove_query_arg() are escaped with esc_url_raw() to exclude potential XSS vulnerabilities.


* 24.02.2015
* Fixed PHP fatal error for “Reset” roles operation.
* Fixed current user capability checking before URE Options page open.
* 3 missed phrases were added to the translations files.


* 11.02.2014
* Own custom user capabilities, e.g. ‘ure_edit_roles’ are used to restrict access to User Role Editor functionality. More information…
* Posts/pages edit access restriction add-on functionality was extended to the Media Library. Posts/pages attachments becomes unavailable automatically if correspondent post/page edit is prohibited.
* Posts/pages edit access restriction add-on works with custom post types now.
* Posts/pages view access restriction works with custom post types now.
* Admin menu items with empty user capability are available in “Admin menu access” add-on now. “Participants Database” plugin defines its menu this way.
* Some plugins use meta capabilities instead of real user capabilities, like ‘jetpack_admin_page’ in “JetPack” or ‘wpcf7_read_contact_forms’ in “Contact Form 7”. “Admin menu access” add-on recognizes such meta capabilities now. These meta-caps are replaced at “Admin menu” window with correspondent (mapped) real user capabilities for your further reference.
* Admin menu access add-on updated: ‘Howdy, …’ menu including ‘Logout’ menu item at top bar admin menu will not disappear after blocking ‘Profile’ menu.
* Top bar menu ‘SEO’ from “WP SEO from Yoast” plugin is blocked if user has no ‘manage_options’ capability or correspondent admin menu is blocked.
* Admin menu blocking is available for ‘administrator’ role under multisite. You should be superadmin. Do not give administrator access to URE in this case.
* More universal checking applied to the custom post type capabilities creation to exclude not existing property notices.
* New option “Edit user capabilities” was added. If it is unchecked – capabilities section of selected user will be shown in the readonly mode. Administrator (except superadmin for multisite) can not assign capabilities to the user directly. He should make it using roles only.
* Fixed JavaScript bug with ‘Reset Roles’ for FireFox v.34.


* 03.10.2014
* “Other roles access” additional module was added. It allows to define which other roles user with current role may see at WordPress: dropdown menus, e.g assign role to user editing user profile, etc.
* Correspondent front-end admin menu bar items are blocked according to settings of “Admin menu blocking” add-on.
* Edit access restrictions add-on: Bulk actions helper was added. It is possible to select posts from the posts list and allow/prohibit access for editing them to the group of users. Go to the “Posts/Pages”, select bulk action “Edit Access” and click “Apply”.
* uninstall.php was updated to delete data of “Widgets access”, “Other roles access” add-ons.
* Multisite: – case when URE was not network activated: It is possible to use own settings for single site activated instances of User Role Editor. It used the only version of settings values from the main blog earlier.
Important – in order to have ability to setup updates automatically URE should be activated for the main blog of the network.
Some critical options were hidden from the “Multisite” tab for single site administrators. Single site admin should not have access to the options which purpose is to restrict him.
Attention! In case you decide to allow single site administrator activate/deactivate User Role Editor himself, setup this PHP constant at the wp-config.php file:
Otherwise single site admin will not see User Role Editor in the plugins list after its activation. User Role Editor hides itself under multisite from all users except superadmin by default.


* 12.09.2014
* Rename role button was added to the URE toolbar. It allows to change user role display name (role ID is always the same). Be careful and double think before rename some built-in WordPress role.
* “create_sites” user capability was added to the list of built-in WordPress user capabilities for WordPress multisite. It does not exist by default. But it is used to control “Add New” button at the “Sites” page under WordPress multisite network admin.
* bug fix: WordPress database prefix value was not used in 2 SQL queries related to the “count users without role” module – updated.
* Admin menu access module: front-end admin menu bar was hidden for user for which you blocked at least one admin menu items.
* Admin menu access module: fixes for the processing of “Appearance” menu and its items “Themes”, “Customize” (required user capability, etc.).
* Roles export: file name with exported roles data is built now using this scheme: ure-roles-backup_Y-m-d_h_i_s.dat, e.g. ure-roles-backup_2014-09-05_15_23_09.dat