Friday afternoon, I released Role Scoper 1.0.4 to address the following issues:

• BugFix : XML-RPC support (ScribeFire, WLW) was broken for non-administrators
• BugFix : exclude_tree argument was ineffective in get_terms / wp_list_categories call
• BugFix : Category Restrictions were not inherited upon new category creation
• BugFix : User groups were unusable on DB servers that do not support default value on text columns
• BugFix : Page Parent filtering was broken for Quick Edit
• BugFix : Option "role assignment requires blog-wide editor role" was only requiring blog-wide contributor role
• BugFix : Option "role assignment requires blog-wide editor role" did not suppress Roles, Restrictions sidebar menu
• BugFix : In Edit Post form, non-editors could see / select other users as "author"
• BugFix : invalid Category / Object role edit links displayed in user profile for non-editors in some configurations
• BugFix : Role Scoper Options inaccessable to administrator with WP 2.8.1
• Change : Deny implicit comment moderation rights to Authors if they lack moderate_comments cap
• Change : Moved option "Role administration requires a blog-wide Editor role" to main Options tab

Sadly, in addressing the WP 2.8.1 "explicit permissions" issue for RS Options, I broke all the other Roles and Restrictions menu links for administrators.  This is fixed in Role Scoper 1.0.4.1 My apologies for the inconvenience to those who downloaded 1.0.4.

Role Scoper 1.0.3.4 solves the mystery of plugin deactivation following use of the WordPress "update automatically" feature.  More precisely, it causes Role Scoper to be successfully reactivated following that update.

For the technically curious… the failure was due to WordPress' detection of a supplemental Role Scoper file (version_notice_rs.php) as a main plugin file.  This was due to the presence of '|Plugin Name:' in version_notice_rs.php, where it is used in a regular expression match to extract the plugin name for other plugins which may have Role Scoper extensions available.  The WordPress function get_plugins()  took that as proof of a "plugin file", and logged it ahead of role-scoper.php alphabetically.  The WordPress function wp_update_plugin() assumes that the first logged "plugin file" is the one to re-activate.  I solved this by moving version_notice_rs.php into a deeper subdirectory, as function get_plugins() only looks one level deep.

Note, the first time an auto-update is run, you may see the following nuisance error message:

The plugin role-scoper/admin/version_notice_rs.php has been deactivated due to an error: Plugin file does not exist.

Please ignore that message, which is simply a purging of the imaginary plugin out of WordPress' memory.

Those who have already activated Role Scoper 1.0.2 or higher do not need to run this update.  The only other change is a correction to the Roles and Restrictions menu locations with WordPress 2.8.

It appears that the built-in WordPress plugin updater does not re-activate Role Scoper after an update, nor has it ever - even though the message says "plugin reactivated successfully".  Please manually re-activate Role Scoper as needed after such an update.

I'm currently trying to track down the cause of this failure.  Versions 1.0.2.1 through 1.0.3.2 are simply an effort to appease the auto-updater; sorry for any confusion.

I'm surprised that this has only now been reported.  Have others run the auto-updater with successful  auto-reactivation?

Role Scoper 1.0.2 addresses the various bug reports which have trickled in over the last 6 weeks.  These bugs are all minor in severity and/or affect only a minority of installations.  For details see the change log below.

The only significant new feature is an option to enter usernames or ids (for role assignment) via comma-separated text entry instead of by checkbox selection. This will be a performance and convenience enhancement for installations with over 100 users.

The full change log:

• BugFix : Template function is_restricted_rs / is_exclusive_rs was non-functional on home page (since rc9.9311)
• BugFix : With Attachments Filter enabled, attachments larger than 10MB fail to download on some installations
• BugFix : Fatal Error when viewing a single post entry after RS Options modified to disable front-end filtering
• BugFix : Auto-delete orphaned role assignments left in DB by previous versions following category / group deletion
• BugFix : After an empty group was deleted, its role assignments were left in the database
• BugFix : Event Calendar events without an associated post were not displayed without calendar refresh
• BugFix : Post Restrictions and Post Roles did not display on PHP 4 servers
• BugFix : In Post/Page Edit Form, Author selection was inappropriately available to non-editors
• BugFix : Orphaned role assignments already stored to database will be autodeleted on RS version update
• BugFix : If the object type of a requested attachment parent cannot be determined, assume post
• BugFix : Teaser message displayed in header with some themes
• BugFix : http authentication prompt for RSS feeds with logged administrators on some installations
• BugFix : Hidden Editing Elements settings were not effective for unpublished posts/pages
• BugFix : If a memberless group was deleted, any assigned roles were left (orphaned) in the database
• Plugin : Conflict with WP-Wall plugin caused non-listing or double-listing of wall comments
• Feature : Option to accept CSV entry for user role assignment
• Feature : Bottom-right submit button on bulk admin forms if SCOPER_EXTRA_SUBMIT_BUTTON is defined

Role Scoper 1.0.1 is now available to address the following issues:

• BugFix : In some situations, non-attachments were included in Media Library listing
• BugFix : Low level users could not edit uploads from Media Library based on a Post/Page/Category role assignment
• BugFix : Cannot set static front page with Role Scoper activated
• BugFix : Users with editing role via Page / Category assignment could not bulk-delete posts/pages
• BugFix : Post/Page Edit divs configured as Hidden Editing Elements were not hidden for draft posts/pages
• BugFix : After a group was deleted, its role assignments were left in the database
• BugFix : PHP warnings viewing users list with WP < 2.8
• Change : WP 2.7 users with hacked WP template.php user_row code must define("scoper_users_custom_column", "true");
• BugFix : Failed to return results for manual WP_Query calls which include category exclusion argument
• BugFix : Role Scoper error messages were formatted with unreadable colors with WP 2.7
• BugFix : Conflict with ozhAdminMenus plugin, Page menus missing in some configurations
• BugFix : Conflict with WP-Wall plugin caused fatal error
• Feature : Options to hide User Groups, Scoped Roles from user profile

After 10 months of beta development and debugging, Role Scoper 1.0.0 is now a stable release in the WordPress Plugins Directory.  Many thanks to the hundreds of current users, especially the dozens of you who have contributed to this project with informative bug reports, thoughtful feature requests and pertinent usage questions in the support forum.

The last round of development versions (culminating in this release) included dozens of bug fixes and extensive performance enhacements to reduce memory usage.  To identify changes and fixes since your current version, see the change log in the role-scoper plugin directory, or here.

Some of you may have noticed that since installing Role Scoper Release Candidate 9, WordPress has stopped storing Post Revisions.  In reality, the revisions were stored but a recently added Page Parent filter had the side effect of wiping out the legitimate post_parent value, which WordPress uses to tie a revision to the corresponding published post ID.

Today's Role Scoper update corrects that error.  Any existing revisions stored since your installation of Role Scoper rc9 will remain unavailable unless you use a database editor/query to manually edit their post_parent value to the corresponding post ID.

This revision also fixes a few other minor bugs.

• BugFix : Post revisions not saved correctly (post_parent value set to 0), since rc9

• BugFix : PHP warning for htmlspecialchars_decode() when using RSS feed teaser message on a translated site
• BugFix : Tags filter did not support name__like, search arguments

• BugFix : PHP warning for array_diff_key() when calling get_categories with fields=ids

Role Scoper rc9.9215 is now available to fix several bugs.  They will not apply to everyone, but are probably driving you crazy if they do.  Most of the issues are implementation-specific or even server-specific.

Most significantly, Category Restrictions could become ineffective if Role Scoper's db cleanup code failed following a Category deletion.  (That cleanup code was strengthened in rc9.9212).  If a logged user had orphaned Category Roles equal to or greater than the number of restricted categories, no Category Restrictions were applied for that role.

In addition, on some server configurations, the Hidden Content Teaser spewed PHP warnings and/or was completely nonfunctional.

new fixes in rc9.9215:

• BugFix : Filtering for tag cloud did not prioritize top tags by usage
• BugFix : Further precautions against duplicate comment listings / multiplied comment counts (but currently corrupted comment counts will remain so until next comment storage)
• BugFix : Logged users with a WP role setting of "no role" were blocked from everything
• BugFix : In user profile, assigned roles were sometimes repeated in "contains" list

from v 1.0.0-rc9.9214:

• BugFix : Category Restrictions not applied if logged user has orphaned Category Roles equal to the number of restricted categories
• BugFix : PHP warning for htmlspecialchars_decode() when using Hidden Content Teaser with WordPress translation enabled
• BugFix : On some server configurations, Hidden Content Teaser was not effective at all (since rc8.9116)
• Perf : On some server configurations, redundant db queries.

Anyone using default Restrictions for Categories, Pages or Posts should upgrade to today's updated Role Scoper version.  Beginning with RC9.9211, a new bug in the Bulk Restriction administration form prevented the correct display of the "restricted" caption when a default restriction has no corresponding unrestrictions.

Your existing restrictions were not affected, but administration became very confusing with the conditionally incorrect captions.

Once again, user feedback has proven that a Role Scoper release candidate slightly unprepared for unsupervised flight.  The good news is that, thanks to such prompt support forum activity, the new-found bugs are already confirmed fixed.  Thanks to those of you who appreciate the permission control enough to ride these updates out.  I still think we're closing in on a level of stability that will warrant entry into the WordPress plugins directory, and with it one-click updates.

The full change log for Role Scoper 1.0.0-rc9.9212:

Front End:

• BugFix : Front-end bookmarks listing was hidden, in some configurations
• BugFix : Attachment comments (and comment counts) were hidden
• BugFix : Filtered tag cloud was not sized according to logged user access, did not includes tags for private posts.
• Change : Support queries for is_restricted_rs() / is_protected() template function run automatically as needed, no need to define SCOPER_EXTRA_TEMPLATE_FUNCTIONS

Hidden Content Teaser:

• Feature : Option to apply teaser only for logged users
• Feature : Teaser option for fixed content prefix / suffix
• Change : User-specified teaser prefix / suffix is always applied regardless of teaser mode
• BugFix : With Teaser enabled, Category counts did not include restricted content and categories with entirely hidden content were omitted from sidebar / topbar list

Attachment Filtering:

• BugFix : Intermittant failure of Attachment Filter to return images if server's output buffer became corrupted
• BugFix : Under some conditions, uploaded files show as broken or invisible inside Post / Page Edit Form

Media Uploader:

• BugFix : When adding New Post / Page, cannot upload files before post is saved
• BugFix : After a new Post is autosaved, non-administrators cannot upload files until a category is stored

Post / Page Edit:

• Feature : New option in Advanced tab "Role administration requires a blog-wide Editor role"
• BugFix : In some configurations, new posts were moved to default category unnecessarily
• BugFix : Posts menu disappeared while a page is edited, in some configurations
• BugFix : "Add New" included in menu even if user can only edit existing Pages / Posts
• BugFix : Posts saved via QuickPress were sent to alternate default category even if user has posting rights in default category
• BugFix : Role assignment tabs in Post / Page Edit Form did not not indicate implicit role ownership via blog-wide or category assignment of a containing role

Misc:

• BugFix : PHP warning on db_setup call at plugin activation
• Perf : Corrected dozens of (mostly harmless) references to undeclared variables or indexes