Merge pull request #75 from itthinx/pre-2.1.2

Pre 2.1.2

changelog.txt

@@ -1,5 +1,13 @@
 == Groups by itthinx - changelog.txt ==
 
+= 2.1.2 =
+* Fixed a warning that came up when the post type in a query is provided as an array indicating multiple post types.
+* Users who can administer Groups (with the groups_admin_groups capability) now also see posts restricted to groups
+  they do not belong to, in line with the ability to restrict access with groups they do not belong to for consistency's
+  sake.
+* Added a filter on woocommerce_product_is_visible so protected up-sell and cross-sell products
+  are effectively hidden.
+
 = 2.1.1 =
 * Changed the default value for legacy mode used on installation to false. Fixes database errors
   due to missing capability table at that stage.

groups.php

@@ -21,7 +21,7 @@
  * Plugin Name: Groups
  * Plugin URI: http://www.itthinx.com/plugins/groups
  * Description: Groups provides group-based user membership management, group-based capabilities and content access control.
- * Version: 2.1.1
+ * Version: 2.1.2
  * Author: itthinx
  * Author URI: http://www.itthinx.com
  * Donate-Link: http://www.itthinx.com
@@ -32,7 +32,7 @@
 if ( !defined( 'ABSPATH' ) ) {
 	exit;
 }
-define( 'GROUPS_CORE_VERSION', '2.1.1' );
+define( 'GROUPS_CORE_VERSION', '2.1.2' );
 define( 'GROUPS_FILE', __FILE__ );
 if ( !defined( 'GROUPS_CORE_DIR' ) ) {
 	define( 'GROUPS_CORE_DIR', untrailingslashit( plugin_dir_path( __FILE__ ) ) );
@@ -55,6 +55,9 @@
 if ( !defined( 'GROUPS_WP_LIB' ) ) {
 	define( 'GROUPS_WP_LIB', GROUPS_CORE_DIR . '/lib/wp' );
 }
+if ( !defined( 'GROUPS_EXTRA_LIB' ) ) {
+	define( 'GROUPS_EXTRA_LIB', GROUPS_CORE_DIR . '/lib/extra' );
+}
 if ( !defined( 'GROUPS_LEGACY_LIB' ) ) {
 	define( 'GROUPS_LEGACY_LIB', GROUPS_CORE_DIR . '/legacy' );
 }

lib/access/class-groups-post-access.php

@@ -89,6 +89,8 @@ public static function init() {
 		if ( apply_filters( 'groups_filter_the_posts', false ) ) {
 			add_filter( 'the_posts', array( __CLASS__, 'the_posts' ), 1, 2 );
 		}
+		// If we had a get_post filter https://core.trac.wordpress.org/ticket/12955
+		// add_filter( 'get_post', ... );
 		add_filter( 'wp_get_nav_menu_items', array( __CLASS__, 'wp_get_nav_menu_items' ), 1, 3 );
 		// content access
 		add_filter( 'get_the_excerpt', array( __CLASS__, 'get_the_excerpt' ), 1 );
@@ -174,6 +176,11 @@ public static function posts_where( $where, $query ) {
 				return $where;
 			}
 
+			// Groups admins see everything
+			if ( current_user_can( GROUPS_ADMINISTER_GROUPS ) ) {
+				return $where;
+			}
+
 			// 1. Get all the groups that the user belongs to, including those that are inherited:
 			$group_ids = array();
 			if ( $user = new Groups_User( $user_id ) ) {
@@ -509,13 +516,18 @@ public static function user_can_read_post( $post_id, $user_id = null ) {
 				$result = $cached->value;
 				unset( $cached );
 			} else {
-				$groups_user = new Groups_User( $user_id );
-				$group_ids   = self::get_read_group_ids( $post_id );
-				if ( empty( $group_ids ) ) {
+				// admin override and Groups admins see everything
+				if ( _groups_admin_override() || current_user_can( GROUPS_ADMINISTER_GROUPS ) ) {
 					$result = true;
 				} else {
-					$ids = array_intersect( $groups_user->group_ids_deep, $group_ids );
-					$result = !empty( $ids );
+					$groups_user = new Groups_User( $user_id );
+					$group_ids   = self::get_read_group_ids( $post_id );
+					if ( empty( $group_ids ) ) {
+						$result = true;
+					} else {
+						$ids = array_intersect( $groups_user->group_ids_deep, $group_ids );
+						$result = !empty( $ids );
+					}
 				}
 				$result = apply_filters( 'groups_post_access_user_can_read_post', $result, $post_id, $user_id );
 				Groups_Cache::set( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP );

lib/admin/class-groups-admin-posts.php

@@ -211,7 +211,7 @@ public static function bulk_edit_custom_box( $column_name, $post_type ) {
 					$output .= '</label>';
 
 					$user    = new Groups_User( get_current_user_id() );
-					$include = $user->group_ids_deep;
+					$include = Groups_Access_Meta_Boxes::get_user_can_restrict_group_ids( get_current_user_id() );
 					$groups  = Groups_Group::get_groups( array( 'order_by' => 'name', 'order' => 'ASC', 'include' => $include ) );
 
 					$output .= '<div class="groups-groups-container">';
@@ -526,20 +526,29 @@ private static function extend_for_orderby_groups_read( &$query ) {
 		$result = false;
 		if ( is_admin() ) {
 			// check if query is for a post type we handle
-			$post_type = $query->get( 'post_type' );
-			$post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
-			if ( !isset( $post_types_option[$post_type]['add_meta_box'] ) || $post_types_option[$post_type]['add_meta_box'] ) {
-				// only act on post etc. screens
-				$screen = get_current_screen();
+			$post_types = $query->get( 'post_type' );
+			if ( !is_array( $post_types ) ) {
+				$post_types = array( $post_types );
+			}
+			foreach( $post_types as $post_type ) {
+				$post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
 				if (
-					!empty( $screen ) &&
-					!empty( $screen->id ) &&
-					( $screen->id == 'edit-' . $post_type )
-					) {
-						if ( $query->get( 'orderby' ) == self::GROUPS_READ ) {
-							$result = true;
+					!isset( $post_types_option[$post_type]['add_meta_box'] ) ||
+					$post_types_option[$post_type]['add_meta_box']
+				) {
+					// only act on post etc. screens
+					$screen = get_current_screen();
+					if (
+						!empty( $screen ) &&
+						!empty( $screen->id ) &&
+						( $screen->id == 'edit-' . $post_type )
+						) {
+							if ( $query->get( 'orderby' ) == self::GROUPS_READ ) {
+								$result = true;
+								break;
+							}
 						}
-					}
+				}
 			}
 		}
 		return $result;
@@ -555,21 +564,30 @@ private static function extend_for_filter_groups_read( &$query ) {
 		$result = false;
 		if ( is_admin() ) {
 			// check if query is for a post type we handle
-			$post_type = $query->get( 'post_type' );
+			$post_types = $query->get( 'post_type' );
 			$post_types_option = Groups_Options::get_option( Groups_Post_Access::POST_TYPES, array() );
-			if ( !isset( $post_types_option[$post_type]['add_meta_box'] ) || $post_types_option[$post_type]['add_meta_box'] ) {
-				// only act on post etc. screens
-				$screen = get_current_screen();
+			if ( !is_array( $post_types ) ) {
+				$post_types = array( $post_types );
+			}
+			foreach( $post_types as $post_type ) {
 				if (
-					!empty( $screen ) &&
-					!empty( $screen->id ) &&
-					( $screen->id == 'edit-' . $post_type )
+					!isset( $post_types_option[$post_type]['add_meta_box'] ) ||
+					$post_types_option[$post_type]['add_meta_box']
 				) {
+					// only act on post etc. screens
+					$screen = get_current_screen();
 					if (
-						!empty( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] ) &&
-						is_array( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] )
+						!empty( $screen ) &&
+						!empty( $screen->id ) &&
+						( $screen->id == 'edit-' . $post_type )
 					) {
-						$result = true;
+						if (
+							!empty( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] ) &&
+							is_array( $_GET[Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ] )
+						) {
+							$result = true;
+							break;
+						}
 					}
 				}
 			}

lib/core/wp-init.php

@@ -116,6 +116,11 @@ function is_user_member_of_blog( $user_id, $blog_id = 0 ) {
  */
 require_once( GROUPS_WP_LIB . '/class-groups-wordpress.php' );
 
+/**
+ * Extras ...
+ */
+require_once GROUPS_EXTRA_LIB . '/class-groups-extra.php';
+
 // widgets
 // include_once( GROUPS_CORE_LIB . '/class-groups-widgets.php' );
 // add_action( 'widgets_init', 'groups_widgets_init' );

lib/extra/class-groups-extra.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ * class-groups-extra.php
+ *
+ * Copyright (c) "kento" Karim Rahimpur www.itthinx.com
+ *
+ * This code is released under the GNU General Public License.
+ * See COPYRIGHT.txt and LICENSE.txt.
+ *
+ * This code is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * This header and all notices must be kept intact.
+ *
+ * @author Karim Rahimpur
+ * @package groups
+ * @since groups 2.1.2
+ */
+
+if ( !defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+/**
+ * Compatibility actions, filters, etc as needed.
+ */
+class Groups_Extra {
+
+	/**
+	 * Registers actions, filters ...
+	 */
+	public static function init() {
+		add_filter( 'woocommerce_product_is_visible', array( __CLASS__, 'woocommerce_product_is_visible' ), 10, 2 );
+	}
+
+	/**
+	 * Up-sell and cross-sell products are obtained directly by their ids and
+	 * no normal filters are executed that would hide them. This filter is used
+	 * instead to determine the visibility.
+	 * 
+	 * If at some point we had a get_post filter in WordPress, it could filter these
+	 * and we wouldn't need this.
+	 * 
+	 * @param boolean $visible
+	 * @param int $product_id
+	 * @return boolean
+	 */
+	public static function woocommerce_product_is_visible( $visible, $product_id ) {
+		if ( $visible ) {
+			$visible = Groups_Post_Access::user_can_read_post( $product_id );
+		}
+		return $visible;
+	}
+}
+add_action( 'init', array( 'Groups_Extra', 'init' ) );

readme.txt

@@ -1,10 +1,10 @@
 === Groups ===
 Contributors: itthinx, proaktion
 Donate link: http://www.itthinx.com/plugins/groups
-Tags: access control, groups, member, membership, memberships, access, capability, capabilities, content, download, downloads, file, file access, files, members, paypal, permission, permissions, subscription, subscriptions, woocommerce
+Tags: groups, access, access control, membership, memberships, member, members, capability, capabilities, content, download, downloads, file, file access, files, paypal, permission, permissions, subscription, subscriptions, woocommerce
 Requires at least: 4.0
-Tested up to: 4.7.3
-Stable tag: 2.1.1
+Tested up to: 4.7.4
+Stable tag: 2.1.2
 License: GPLv3
 
 Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.
@@ -187,9 +187,16 @@ See also the [Groups Documentation](http://docs.itthinx.com/document/groups/) pa
 13. Options - you can adjust the plugin's settings here.
 14. More options.
 
-
 == Changelog ==
 
+= 2.1.2 =
+* Fixed a warning that came up when the post type in a query is provided as an array indicating multiple post types.
+* Users who can administer Groups (with the groups_admin_groups capability) now also see posts restricted to groups
+  they do not belong to, in line with the ability to restrict access with groups they do not belong to for consistency's
+  sake.
+* Added a filter on woocommerce_product_is_visible so protected up-sell and cross-sell products
+  are effectively hidden.
+
 = 2.1.1 =
 * Changed the default value for legacy mode used on installation to false. Fixes database errors
   due to missing capability table at that stage.
@@ -232,6 +239,6 @@ See also the [Groups Documentation](http://docs.itthinx.com/document/groups/) pa
 
 == Upgrade Notice ==
 
-= 2.1.1 =
+= 2.1.2 =
 Groups 2.x simplifies the way access restrictions are handled.
-This release contains several fixes for errors and warnings, improves the plugin's security and improves the translation load process.
+This release contains improvements and fixes related to the visibility of posts by Groups administrators, internal procedures and compatibility with other plugins.