Role Scoper 1.2.8 Beta 2 is available to address the following issues.  Since most changes pertain to custom post types support and/or other new WP 3.0 features, I would appreciate some testing feedback before I mark this as the stable release.

• BugFix : Custom-defined WP Nav menus were not filtered for RS restrictions / roles

• BugFix : Hidden Content Teaser was not applied to sticky posts

• BugFix : Hidden Content Teaser could not be enabled for custom post types

• BugFix : In admin menus, "Add New" was not properly suppressed in some configurations

• BugFix : File Attachment Filter was inactive for installations upgraded to WP 3.0 multisite and still using wp-content/uploads folder

• BugFix : On failed direct file access attempt, any page / term listings on 404 page were not filtered for RS restrictions / roles

• BugFix : XML-RPC submissions failed for users lacking blog-wide edit_posts capability

• BugFix : Category Roles, Category Restrictions bulk admin forms had invalid category edit links

• BugFix : Implicit role ownership (indicated by coloring in role metaboxes) was not indicacted correctly under some configurations

• Change : Suppress scroll links in Term Roles / Restrictions bulk admin form if terms total over 300

Role Scoper 1.2 Beta 2 is now available.  Changes in this version apply mainly to sites that are experiencing problems with File Filtering (for protecting direct URL access to images and attachments).  Here's the full change log:

• BugFix : File Filtering did not work on WP 3.0 Multisite

• BugFix : File Filtering did not work on new MU blogs until plugin re-activation or File Filtering re-enable

• BugFix : If redundant Page / Post / Category roles were stored to database, they could only be deleted one at a time (giving the appearance and effect of a failed role deletion)

• BugFix : Javascript error in Page Edit form, failed to set tooltip caption for Page Role checkboxes

• BugFix : PHP Warning on RS version upgrade if previous installation never customized RS options

If you already running RS 1.2 Beta 1 and the above bugs don't affect you, there is no need to upgrade.

Role Scoper 1.2 Beta 1 is now available.  This version adds WordPress 3.0 compatibility along with the following bug fixes and features:

WordPress 3.0 Compatibility

• Compat : WP 3.0 elimination of page.php, edit-pages.php, page-new.php broke many aspects of page filtering
• Compat : Support RS Roles, Restrictions for Custom Post Types created via WP 2.9 / 3.0 framework
• Compat : Support RS Roles for Custom Taxonomies created via WP 2.9 / 3.0 framework
• Compat : WP 3.0 Multisite menu items had invalid link

New Features

• Feature : Ajax interface for group membership selection
• Feature : Group membership requests
• Feature : Group membership recommendations (2-tier membership moderation)

Major Bug Fixes

• BugFix : RS Restrictions and Roles were not applied to Sticky Posts
• BugFix : File Filtering was not imposed based on Post/Page Restrictions or Default Category Roles (also required Private visibility)
• BugFix : With File Filtering enabled, attachment filenames with spaces, parenthesis and other special chars caused corrupt or ineffective .htaccess (possibly resulting in Internal Server Error)
• BugFix : Last blog paging link sometimes hidden when Hidden Content Teaser enabled (also caused WP-PageNavi conflict)
• BugFix : With Revisionary (or possibly other plugins) enabled, posts are inappropriately forced into default category in logged user cannot post there.
• BugFix : Custom calls to wp_dropdown_pages (in template or other plugin code) were sometimes filtered inappropriately

Minor Bug Fixes

• BugFix : When previewing a post, non-editors didn't see Page or Post listings in sidebar / topbar
• BugFix : Recent Comments widget included comments on unreadable posts, with WP 2.9
• BugFix : Custom WP_PLUGIN_DIR was not supported
• BugFix : In Bulk Object Roles Edit forms, links to edit roles of individual object were broken
• BugFix : RS addition to wp-admin footer forced horizontal scroll bar in IE7
• BugFix : Role Basis settings (User Roles and Group Roles enable / disable) were hidden and unalterable
• BugFix : If Page Reader is enabled as an "Additional Object Role", Private Page Reader also remains captioned as "Page Reader"
• BugFix : If Post Reader is enabled as an "Additional Object Role", Private Post Reader also remains captioned as "Post Reader"
• BugFix : Bad edit link on User Profile where user is a Group Manager for specific group(s)
• BugFix : When scanning Posts/Pages for unregistered attachments, File Attachment Utility did not distinguish broken links

Plugin Compatibility

• Compat : WP-PageNavi - conflict with paging links, see above
• Compat : Amember - PHP Warning (array_diff_key) after importing users
• Compat : QTranslate - unparsed page titles in Page Parent dropdown
• Compat : Simple Section Nav - children of excluded pages bubbled up to the page menu
• Compat : Reveal IDs plugin wiped out "Groups" column in Edit Users page
• Compat : Role Scoper potentially wiped out other plugin custom columns on Edit Users page

Other Changes

• Change : Apply Excerpt Teaser Prefix,Suffix whenever excerpt, pre-more, or first X chars replace content, if SCOPER_FORCE_EXCERPT_SUFFIX is defined.
• Perf : Don't load and initialize Role Scoper on asynchronous dashboard feed calls (WP dev blog, etc.)

Thanks to all the clients and forum users who pushed these features and fixes.

Last Saturday, a faithful support forum participant reported a bizarre bug involving Category checkboxes on the WordPress Post Edit form.  Role Scoper adds "Readers", "Contributors" and "Editors" boxes - each containing checkboxes to grant access to a specific User or Group.  It seems that some of these checkboxes, when clicked, caused one of the Category checkboxes to be (un)checked accordingly.  Obviously, this is a major bug for sites using Category Roles.

I tracked this error to the WordPress javascript!  WP 2.9 includes a change in wp-admin/js/post.js which makes any plugin-inserted checkbox array an involuntary vehicle of this error.  I have submitted a ticket in the WordPress bug tracking database, but don't know whether it will be corrected in the WP 2.9 branch.  To manually patch your installation, edit wp-admin/js/post.dev.js as follows:

change:

$('#in-category-' + id + ', #in-popular-category-' + id).attr( 'checked', c );

to:

if ( id && t.parents('#categorydiv').length )
  $('#in-category-' + id + ', #in-popular-category-' + id).attr( 'checked', c );

Then rename post.dev.js to post.js

An updated version of the Role Scoper plugin for WordPress is now available.  This is an important release for anyone using the File Filtering function, which controls direct access attempts to files that are attached to your private or restricted posts.  If you have previously given up on that option due to ugly errors with past RS versions, give it another try.

Thanks to those who have provided patient feedback as I work to make this difficult operation work reliably on all server configurations.  The other fixes and changes in this version will only affect a minority of users:

File Filtering Fixes:

• BugFix : File Filtering failed if WP was installed in html root folder, possibly causing an Internal Server Error

• BugFix : In WP-MU with File Filtering enabled, .htaccess file in uploads folders was regenerated on each site access (since 1.1.2) - possibly causing Internal Server Error or poor performance

• BugFix : In non-MU installations, .htaccess file was not immediately updated on activation / deactivation of File Filtering - making the selection appear ineffective

Other Changes:

• BugFix : Non-Administrators could not modify any Roles or Restrictions via bulk admin forms, even if some are delegated to them

• Lang : Added Spanish translation

• Change : Use https link for Role Scoper css and js files if ssl is being used / forced for the current uri

• BugFix : Archives listing using postbypost listing type did not display private posts to logged Administrator

• BugFix : Template function is_protected() / is_restricted() did not work with secondary queries

• BugFix : Private posts / pages not sometimes hidden from logged Administrators in front-end custom query results

• BugFix : PHP warnings on Edit Post / Page form (if WordPress debug mode enabled)

• BugFix : PHP notice for undefined constant (SCOPER_FORCE_FILE_INCLUSIONS)

• Feature : Support SCOPER_TEASER_HIDE_PAGE_LISTING definition, to suppress teased pages from front-end listing (while still applying teaser on direct access)

Role Scoper has been translated into Spanish!  This translation applies to the Role Scoper Options form and all Restriction and Role setting interfaces.  Just extract the scoper.po and scoper.mo files into your plugins/role-scoper/languages folder.  Those files will be bundled in the next Role Scoper release.

Thanks to Rafael Pérez Gana of Rafo® Computación & Web for volunteering this work.

Those of you who experienced a fatal error after installing the last RS version can now fix that by upgrading to Role Scoper 1.1.5.  My apologies.

An updated version of Role Scoper is available to address remaining problems with WP-MU compatibility. Under some configurations, the File Filtering functionality caused corruption of the .htaccess file at the time of Role Scoper activation. The cause of this error is now pinpointed and corrected.

Other WP-MU users may have found that File Filtering was ineffective in version 1.1.3. This too is corrected.

There is no need to install this upgrade on standard (non-MU) WordPress installations.

An updated version of the Role Scoper plugin is now available.  It resolves a fatal error which occurred on WordPress MU version upgrades, corrects the filtering of trashed posts/pages in the wp-admin listings, and corrects a number of other bugs which emerged in the heavily modified version 1.1 code base.

The full change log:

WP-mu Fatal Error

• BugFix : Fatal error on wp-MU version upgrade, due to failed get_home_path() call (since 1.1.RC1)

File Filtering

• BugFix : .htaccess file was not regenerated when File Filtering is re-enabled following a disable (since 1.1.RC1)
• BugFix : File Filtering was not imposed for new attachments to private / restricted posts (since 1.1 RC1)

WP 2.9 Trash Function

• BugFix : Trashed posts / pages were included in edit listing when status filter set to default "All"
• BugFix : Trashed pages were included in Page Parent dropdown

Significant, Prevalent Bugs (new in 1.1 code base)

• BugFix : Main Page was not selectable when Quick Editing a Page
• BugFix : Posts were included in get_pages listing if "Include private pages in listing" option was disabled and Hidden Content Teaser turned off
• BugFix : When Contributor / Author category selection is limited, valid default category was not automatically selected
• BugFix : Some Category Roles were inappropriately auto-deleted on blogs which originated with WP < 2.3 (and have cats with term_taxonomy_id != term_id)
• BugFix : With Limited Editing Elements option enabled, some Post/Page Edit Form elements were inappropriately hidden from Editors / Authors / Contributors

Significant but Obscure 1.1 Bugs (only affect nonstandard config)

• BugFix : "Not valid" error message when a non-administrator saves a post/page with Role Type option set to "WP"
• BugFix : If RS Realm was customized for Page Roles only, the Restrictions menu included an invalid link to Category Restrictions
• BugFix : Some custom taxonomy queries were not filtered correctly
• BugFix : If "Remap terms" option was disabled, Category Edit Form did not list editable categories whose parent is uneditable

Significant but Rare 1.1 Bugs (only affect some installations)

• BugFix : New Pages / Posts did not inherit parent restrictions, in some installations
• BugFix : New Role assignments fail if MySQL does not convert nullstring to zero value for datetime storage
• BugFix : If Additional Object Roles option was enabled for some role, Page/Post assignments of that role could not be removed
• BugFix : PHP Warning on Group creation, in some installations

Hidden Content Teaser

• BugFix : Template function is_teaser_rs() did not work unless post ID was explicitly passed in (should default to ID of global $post)
• BugFix : Hidden Content Teaser, when applying "first x chars" teaser, stripped out img tag but not image caption
• Feature : Support SCOPER_NO_FEED_TEASER constant definition to prevent teasing of feed items even if teaser is enabled for main posts/pages listing

Nuisance Bugs

• BugFix : Convenience links to Category / Page Restrictions and Roles (within caption text) were invalid
• BugFix : "Browse Members" link on User Groups management page was broken
• BugFix : On General Roles assignment attempt, role selections were not preserved if user/group selection is missing

Plugin Compatibility

• Compat : PHP Warnings with WP Facebook Connect plugin

Some WordPress mu administrators have reported severe errors after updating to Role Scoper 1.1.

These appear to be caused by Role Scoper's revised file filtering mechanism, which inserts custom .htaccess directives.  Although designed and tested specifically for WP-mu, these changes have crashed at least two sites.  Since the cause and prevelance of this error is not yet known, I have published Role Scoper 1.1.2, which disables File Filtering by default for new installations, and turns it off for existing WP-mu installations.

If you are already hit by this error, recover by restoring the contents of your .htacess file to .htaccess-dist. Next, turn off File Filtering ( Site Admin > Role Options > File Filtering), or by adding the following line to wp-config.php:

define('DISABLE_ATTACHMENT_FILTERING', true);

By doing so, you will disable Role Scoper's file attachment filtering feature.

I expect to correct this error once I get some detailed feedback on the WP-mu error condition.  Until then, feel free to turn the feature back on manually and correspond with me on the details of any errors that arise.