Core version: 4.24.1
- Fix: Critical bugs at URE_Content_View_Restrictions_Posts_List class.
- Update: Admin menu access module: It hides ‘Dashboard’ menu item from admin top bar menu in case this item blocked for the main (left side) admin menu.
Core version: 4.24.1
- Fix: Fatal error: Undefined class constant ‘content_for_roles’ in wp-content/plugins/user-role-editor-pro/includes/pro/classes/content-view-restrictions-posts-list.php on line 46
Core version: 4.24.1
- Fix: Error message “Update Failed: Plugin update failed” was shown after click “Update” at WordPress multisite “Network Admin – Plugins” page.
- Fix: PHP Fatal error: Call to undefined method URE_Posts_Edit_Access::get_attachments_list() in wp-content/plugins/user-role-editor-pro/includes/pro/classes/posts-edit-access.php on line 171
- Fix: Admin menu access module:
– “Block not Selected” model blocked allowed URLs inside Media Library (started from upload.php) and Appearance Menus (started from nav-menus.php) and other allowed URLs (just with additional parameters).
– WordPress Multisite – single site administrator get “Admin menu” dialog in the read-only mode for all roles. He should not edit just its own ‘administrator’ role.
– Direct access to the blocked menu item via URL was possible for URLs like one from WooCommerce’s “Products->Attributes” menu item:
– Blocked menu item could be selected as the 1st available menu item which leaded to the endless redirect loop.
– Blocked menu items search at the current user submenu copy was optimized (expanded or reordered submenu cases (like Events Manager) are processed correctly now).
- Fix: Meta Boxes access module: WooCommerce edit product/order page meta boxes were not hidden, fixed PHP notices generated in some cases.
- Fix: Export/Import module: PHP Notice: “Use of undefined constant value” was shown during import.
- Update: Export/Import module: applies base64 encode/decode to the processed data in order to exclude errors when working with multi-byte languages, like Japanese. Refresh your exported roles files as older data format is not supported starting from this version.
- Update: Admin menu access module – full copy of admin menu is created only when superadmin opens User Role Editor.
- Update: Meta Boxes access module:
– meta boxes are grouped by page to which they belong and sorted in alphabet order.
– meta boxes created by Advanced Custom Fields plugin are available at URE and can be blocked now.
- New: Export/Import module:’ure_sanitize_capability_filter’ filter was added. Use it to redefine user capability name valid characters set.Currently only letters, numbers, spaces, ‘_’,’-‘, ‘/’ are allowed.
- New: User capabilities page was integrated with “[User Switching](https://wordpress.org/plugins/user-switching/)” plugin – “Switch To” the editing user link iss added if “User Switching” plugin is available.
- Fix: PHP notice was generated by class-role-additional-options.php in case when some option does not exist anymore
- Update: ‘Add Capability’ button have added capability to the WordPress built-in administrator role by default. It did not work, if ‘administrator’ role did not exist. Now script selects automatically as an admin role a role with the largest quant of capabilities and adds new capability to the selected role.
- Fix: “Assign role to the users without role” feature ignored role selected by user.
- Marked as compatible with WordPress 4.5.
- Core version: 4.23.3
- Fix: Admin menu access add-on:
1) It was not possible to block top level menu items when menu was reordered, by some plugin, like WooCommerce.
2) Support for virtual ‘exist’ user capability was added. WordPress adds it automatically to every user.
It was not possible to block ‘Visual Composer’ top level menu and its ‘About’ submenu item. These points are protected by ‘exist’ capability.
- Core version: 4.23.3
- Fix: Admin menu access add-on: Direct URL was not blocked for the blocked admin menu item with link started from ‘admin.php’.
- Core version: 4.23.3
- Update: Call of deprecated mysql_server_info() is replaced with $wpdb->db_version().
- Update: Singleton pattern is applied to the URE_Lib class.
- Update: Code executed once after plugin activation is executed by the next request to WP and may use a WordPress action to fire with a needed priority.
- Update: Unused ‘add_users’ capability was removed from the list of core capabilities as it was removed from WordPress starting from version 4.4
- Fix: “Users – Without Role” button showed empty roles drop down list on the 1st call.
- Fix: ure-users.js was loaded not only to the ‘Users’ page.
- New: Full support for bbPress user capabilities and roles was added.
- New: Edit posts restrictions add-on: Rules are applied automatically to the child pages of the allowed/blocked page.
Use ‘ure_auto_access_child_pages’ filter if you wish to exclude the child pages from the edit restriction rules.
It should be used as a ‘must-use’ plugin, because of this filter is applied earlier then theme is loaded.
It seems that it’s too late to insert it into the theme’s functions.php file.
- Update: Content view restrictions are applied now to the front-end only. Use edit restrictions add-on to manage posts/pages visibility at WordPress back-end.
- Update: data update notice is shown now for all add-ons.
- Update: get_all_category_ids() function call deprecated from WordPress version 4.0 is replaced by call of get_terms() function.
- Fix: Edit posts restrictions add-on:
1) Blocked categories are not available now for selection at the new created post and at the posts list filter by category drop-down list.
2) Earlier you can not save new post with category assigned from the allowed categories list with error: You are not allowed to edit this post.
New post is created now with 1st category (from the allowed list) automatically assigned.
3) Data (saved at user level) have been deleted in case user attributes was updated not from WordPress back-end user profile page, but by directly, via WordPress API.
4) Posts filters and counters were enhanced for the case when user does not have posts available for editing.
- Fix: Admin menu access add-on: in some cases click on allowed(shown) menu item showed “Not enough permissions” error message.
Important: make database backup before installing this version. Admin menu access data is converted after plugin activation to the new format.
Data conversion from version older than 4.15 is not supported. If you have URE Pro version older than 4.15 install and activate URE version 4.21.1 first,
then proceed with version 4.22 and later.
- Fix: ‘ure_restrict_content_view_for_authors_and_editors’ filter blocked saving content view restrictions data at a post level.
- Fix: Network Admin – Users – Capabilities – ‘Update Network’ button did not work.
- Fix: ‘Update Network’ did not replicate ‘Widgets’ access add-on data if selected.
- Update: some HTML-code extracted from User_Role_Editor_Pro class to URE_Pro_View class.
- Update: It’s possible now to manage access to ‘Metaboxes’ for roles without ‘edit_posts’ capability.
- Core version: 4.21.1
- Fix: ‘Update’ button did not work at User’s Capabilities page due to confirmation dialog call error.
- Fix: post custom fields ‘post_access_error_action’, ‘post_access_error_message’ are hidden now from the users without ‘ure_view_posts_access’ capability.
- Update: German translation
- Core version: 4.21
- It’s possible to switch off the update role confirmation (Settings – User Role Editor – General tab).
- Standard confirm box before role update was replaced with custom one to exclude ‘Prevent this page from creating additional dialogs’ option in the Google Chrome browser.
- Option “Show plugins/themes notices to admin only” was added.
- “Additional options” section was added to the user role editor page. Currently it contains the only “Hide admin bar”. The list of options may be customized/extended by developers via “ure_role_additonal_options” filter (more details…).
- “Meta Boxes Access” add-on allows to manage access for roles to meta boxes of editor (posts, pages, custom post types) and dashboard pages (more details…).
- License key is checked in the real time after its input to help exclude input errors.
- ‘ure_default_post_access_error_action’ filter added to allow modify default value for the post view access error action: 1 – 404 HTTP error or 2 – show error message
- Fix: create_posts capability was lost for custom post types in spite of ‘activate create capability option’.
- Fix: Content view restrictions: roles list is saved now for attachments.
- Fix: Removed hard coded folder name (user-role-editor) from the used paths. User Role Editor Pro is hidden now from a user without permissions (administrator or ure_edit_roles), even if a user has access to the ‘activate_plugins’ capability.
- Fix: Translation strings updated
- German translation added
- Core version: 4.19.3
- Added option to force all custom posts types to use its own custom capabilities set instead of usage of one built on ‘post’, e.g. ‘edit_videos’ instead of ‘edit_posts’.
- User Role Editor Options page help section was updated.
- Fix: Admin menu access restrictions were not applied at ‘new-user.php’ page under multisite for the single site administrator role with ‘allow_edit_users_to_not_super_admin’ option turned on. Special flag was set to indicate that single site admin gets raised (superadmin) permissions temporary for the ‘user-new.php’ page, but current user is not the superadmin really. (This temporary permissions raising is done to allow single site admin to add new users under multisite.)
- Fix: Custom posts types selection query was updated to include all custom post types except ‘built-in’ types when adding custom capabilities for them.
- Fix: Admin menu access: URLs beyound admin menu are not blocked for the “block not selected” model now. This allows to work with posts under this model of blocking for example.