diff --git a/Gruntfile.js b/Gruntfile.js
index 4a0569c..946ac03 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -15,7 +15,8 @@ module.exports = function ( grunt ) {
 jshint : {
 options : {
 smarttabs : true
- }
+ },
+ all: ['js/*']
 },
 sass : {
 dist : {
diff --git a/bower.json b/bower.json
index 2e00147..87fa87f 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
 "name": "editorial-access-manager-wp",
- "version": "0.2.0",
+ "version": "0.3.1",
 "homepage": "https://github.com/tlovett1/editorial-access-manager",
 "authors": [
 "Taylor Lovett "
diff --git a/classes/class-editorial-access-manager.php b/classes/class-editorial-access-manager.php
index fcd180e..251cfca 100644
--- a/classes/class-editorial-access-manager.php
+++ b/classes/class-editorial-access-manager.php
@@ -128,17 +128,17 @@ public function filter_map_meta_cap( $caps, $cap, $user_id, $args ) {
 // If user is admin, we do nothing
 if ( ! in_array( 'administrator', $user->roles ) ) {
- if ( 'roles' == $enable_custom_access ) {
+ if ( 'roles' === $enable_custom_access ) {
 // Limit access to whitelisted roles
 $allowed_roles = (array) get_post_meta( $post_id, 'eam_allowed_roles', true );
- if ( count( array_diff( $user->roles, $allowed_roles ) ) >= 1 ) {
+ if ( empty( $user->roles ) || count( array_diff( $user->roles, $allowed_roles ) ) >= 1 ) {
 $caps[] = 'do_not_allow';
 } else {
 $caps = array();
 }
- } elseif ( 'users' == $enable_custom_access ) {
+ } elseif ( 'users' === $enable_custom_access ) {
 // Limit access to whitelisted users
 $allowed_users = (array) get_post_meta( $post_id, 'eam_allowed_users', true );
diff --git a/editorial-access-manager.php b/editorial-access-manager.php
index b51afeb..95789e2 100644
--- a/editorial-access-manager.php
+++ b/editorial-access-manager.php
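Review bot: In `filter_map_meta_cap()` (classes/class-editorial-access-manager.php) the new `empty( $user->roles )` test closes the hole only inside the `'roles'` branch; the underlying weakness is that `array_diff()` is empty for a user with no roles, and the `else` path then sets `$caps = array()`, which requires no capability at all. In addition to this guard, consider denying any user for whom `$user->exists()` is false before the `'roles'`/`'users'` branches, so anonymous requests fail closed in every mode; this assumes `$user` is a `WP_User`, which is built outside the hunk, and the body of the `'users'` branch is cut off here, so whether it already rejects user ID 0 cannot be confirmed from these lines. At minimum the changed condition deserves a why-comment such as `// array_diff() of an empty role list is empty, so a user with no roles must be denied explicitly`. The unchanged `in_array( 'administrator', $user->roles )` would also be tighter with `true` as its third argument, in line with the move to `===` made in this hunk.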
@@ -4,7 +4,7 @@
 * Plugin URI: http://www.taylorlovett.com
 * Description: Allow for granular editorial access control for all post types
 * Author: Taylor Lovett
- * Version: 0.3.0
+ * Version: 0.3.1
 * Author URI: http://www.taylorlovett.com
 */
diff --git a/languages/editorial-access-manager.pot b/languages/editorial-access-manager.pot
index 1de5a88..7430be1 100644
--- a/languages/editorial-access-manager.pot
+++ b/languages/editorial-access-manager.pot
@@ -2,17 +2,17 @@
 # This file is distributed under the same license as the Editorial Access Manager package.
 msgid ""
 msgstr ""
-"Project-Id-Version: Editorial Access Manager 0.1.1\n"
+"Project-Id-Version: Editorial Access Manager 0.3.1\n"
 "Report-Msgid-Bugs-To: "
 "https://github.com/tlovett1/editorial-access-manager/issues\n"
-"POT-Creation-Date: 2014-10-08 19:32:32+00:00\n"
+"POT-Creation-Date: 2014-11-26 15:26:48+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "PO-Revision-Date: 2014-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
-"X-Generator: grunt-wp-i18n 0.4.8\n"
+"X-Generator: grunt-wp-i18n 0.4.9\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 "X-Poedit-Basepath: .\n"
 "X-Poedit-Language: English\n"
@@ -29,34 +29,38 @@ msgstr ""
 msgid "Editorial Access Manager"
 msgstr ""
-#: classes/class-editorial-access-manager.php:269
+#: classes/class-editorial-access-manager.php:346
 msgid "Enable custom access management by"
 msgstr ""
-#: classes/class-editorial-access-manager.php:271
-#: classes/class-editorial-access-manager.php:365
+#: classes/class-editorial-access-manager.php:348
+msgid "— No Change —"
+msgstr ""
+
+#: classes/class-editorial-access-manager.php:349
+#: classes/class-editorial-access-manager.php:443
 msgid "Off"
 msgstr ""
-#: classes/class-editorial-access-manager.php:272
-#: classes/class-editorial-access-manager.php:340
+#: classes/class-editorial-access-manager.php:350
+#: classes/class-editorial-access-manager.php:418
 msgid "Roles"
 msgstr ""
-#: classes/class-editorial-access-manager.php:273
-#: classes/class-editorial-access-manager.php:353
+#: classes/class-editorial-access-manager.php:351
+#: classes/class-editorial-access-manager.php:431
 msgid "Users"
 msgstr ""
-#: classes/class-editorial-access-manager.php:278
+#: classes/class-editorial-access-manager.php:356
 msgid "Manage access for roles:"
 msgstr ""
-#: classes/class-editorial-access-manager.php:293
+#: classes/class-editorial-access-manager.php:371
 msgid "Manage access for users:"
 msgstr ""
-#: classes/class-editorial-access-manager.php:319
+#: classes/class-editorial-access-manager.php:398
 msgid "Editorial access"
 msgstr ""
diff --git a/package.json b/package.json
index 9548c42..559e315 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "editorial-access-manager-wp",
- "version": "0.3.0",
+ "version": "0.3.1",
 "repository": {
 "type": "git",
 "url": "https://github.com/tlovett1/editorial-access-manager.git"
diff --git a/readme.txt b/readme.txt
index 6cd3807..43e3175 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.taylorlovett.com
 Tags: editorial access management, user roles, user capabilities, role management, user permissions, administrator permissions
 Requires at least: 3.6
 Tested up to: 4.1
-Stable tag: 0.3.0
+Stable tag: 0.3.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -48,6 +48,9 @@ the sidebar.
 == Changelog ==
+= 0.3.1 =
+* Fix bug where logged out user could edit role restricted post [@tripgrass](https://github.com/tripgrass)
+
 = 0.3.0 =
 * Bulk edit access. Props [@marcochiesi](https://github.com/marcochiesi)
 * Filterable post types. Props [@marcochiesi](https://github.com/marcochiesi)
diff --git a/tests/test-core.php b/tests/test-core.php
index d51674f..1caf06c 100644
--- a/tests/test-core.php
+++ b/tests/test-core.php
@@ -362,4 +362,42 @@ public function testPageEditByNonWhitelistedEditorUser() {
 $this->assertTrue( ! ( current_user_can( 'edit_page', $page_id ) && current_user_can( 'publish_posts' ) && current_user_can( 'edit_others_posts' ) ) );
 }
+
+ /**
+ * Test an edit of a role restricted post by a logged out user
+ *
+ * @since 0.3.1
+ */
+ public function testLoggedOutUserRoleAccess() {
+ wp_set_current_user( 0 );
+
+ $page_id = $this->factory->post->create( array( 'post_type' => 'page' ) );
+
+ $this->_configureAccess( $page_id, 'roles', array( 'editor' ) );
+
+ $_POST['post_ID'] = $page_id;
+ $_GET['post'] = $page_id;
+
+ $this->assertTrue( ! current_user_can( 'edit_page', $page_id ) );
+ }
+
+ /**
+ * Test an edit of a user restricted post by a logged out user
+ *
+ * @since 0.3.1
+ */
+ public function testLoggedOutUserUserAccess() {
+ $page_id = $this->factory->post->create( array( 'post_type' => 'page' ) );
+
+ $user = $this->_createAndSignInUser( 'author' );
+
+ $this->_configureAccess( $page_id, 'users', array(), array( $user->ID ) );
+
+ wp_set_current_user( 0 );
+
+ $_POST['post_ID'] = $page_id;
+ $_GET['post'] = $page_id;
+
+ $this->assertTrue( ! current_user_can( 'edit_page', $page_id ) );
+ }
 }
\ No newline at end of file
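Review bot: The regression tests only exercise user ID 0, while the condition fixed in this commit is `empty( $user->roles )`, which a signed-in user with no role on the site would also reach. A third test that signs in a user, strips its roles (for example `$user->set_role( '' )`, assuming `_createAndSignInUser()` returns a `WP_User`) and asserts the same denial would pin that path. Both new tests also write `$_POST['post_ID']` and `$_GET['post']` without restoring them, so unless a `tearDown()` outside this hunk clears the superglobals the values leak into later tests; unset them at the end of each test. `$this->assertFalse( current_user_can( 'edit_page', $page_id ) );` states the intent more directly than `assertTrue( ! … )` and gives a clearer failure message.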