Role Scoper 1.0.0 Release Candidate 9

Role Scoper Release Candidate 9 is here, with a long list of refinements. The most significant changes are:

  • BugFix : WP 2.7: posts queries with a “category not in” argument returned missing or teased posts
  • BugFix : Attachments Filter blocked access to Media Library uploads that are not in any post/page
  • BugFix : Some get_terms and get_pages parameters were not supported
  • BugFix : tested and debugged API for custom role definition by 3rd party plugins
  • Perf : Database query optimizations
  • Feature : new RSS and Hidden Content Teaser options (using RSS filtering code from the Disclose Secret plugin)
  • Feature : Tag filtering to match post access
  • Feature : Editable capabilities for RS Role Definitions
  • Feature : Attachments utility to auto-register ftp-uploaded linked files as formal attachments
  • Feature : Contextual help links in admin
  • Feature : Options panel clarifies relationship between WP and RS role definitions
  • Feature : About page allows Administrators a quick review of Kevin’s motives, availability – and convenient PayPal access :) Note: images in the About page account for most of the 132K increase in the .zip size.

Thanks to everyone whose bug reports or feature requests contributed to this release… and to those who have waited on unanswered forum posts. To my knowledge, every pending defect or feature request is addressed by this revision.

The full change log follows. It’s long but overall the scope and severity of symptoms is consistent with the “final polish” cycle I believe we’re in. Yellow items were included in previous development versions since rc8.

Front End:

  • BugFix : WP 2.7: posts queries with a “category not in” argument returned missing or teased posts
  • BugFix : Tag filtering broke cloud sizing
  • Feature : Filter and cache front-end tag cloud content based on logged user’s access to posts (requires default get_tags parameters)
  • BugFix : DB error in front-end comment filtering when viewing single post/page
  • BugFix : Recent Comments not filtered on the front end if teaser is enabled
  • BugFix : Stored filtered comment_count to post db record
  • BugFix : get_comments_number() was not filtered
  • BugFix : For img tags which were broken by rc2-rc4, convert attachment_id URLs in stored post/page content back to file URL

RSS:

  • Feature : Support HTTP Authentication for RSS feeds
  • Feature : Optional Replacement of Readable RSS Content with teaser message (as in Disclose Secret plugin)

Hidden Content Teaser:

  • Feature : Hidden Content Teaser option to display content before more tag if no custom excerpt is stored
  • Feature : Hidden Content Teaser option to display first X characters if no custom excerpt or more tag is stored
  • Feature : Hidden Content Teaser option to use post content above <!–more–&t; tag as a teaser (with standard teaser statement also displayed below when viewing single post/page
  • BugFix : Category post count included pending / draft posts if using Hidden Content Teaser but not “hide private posts”
  • BugFix : Front end posts paging sometimes broken when Hidden Content Teaser enabled

File Attachments:

  • Feature : Attachments Utility to register linked uploads as attachments for filtering purposes
  • BugFix : Attachment filter blocked access to Media Library uploads that are not in any post/page
  • Change : Files in WP uploads folder which have no post/page attachment are not blocked unless SCOPER_BLOCK_UNATTACHED_UPLOADS defined

Categories / Pages / Links sidebar listing:

  • Feature : get_terms, get_pages filters support “exclude_tree” argument as in WP 2.7.1
  • BugFix : WP get_terms filter did not apply “search” and “offset” parameters
  • BugFix : get_terms filter always included child terms in post count regardless of pad_counts setting
  • BugFix : get_terms filter missed some terms if “number” argument used along with “hierarchical”, “parent” or “child_of”
  • BugFix : get_terms filter did not apply “child_of” or “hide_empty” parameters when fields set to “ids” or “names”
  • BugFix : Category cache was not cleared after category add / edit
  • BugFix : Persistant Cache for terms was not updated on introduction of new plugins which use the list_terms_exclusions filter
  • BugFix : get_pages filter did not apply “parent” parameter
  • BugFix : get_bookmarks filter did not apply “search” parameter

DB Query Optimization:

  • Perf : Option reduce memory usage in front-end access by assuming no content / user edits there
  • Perf : In Post / Page Edit form, improved cache implementation to eliminate dozens of redundant queries pertaining to users, groups
  • Perf : Reduce Post / Page edit form queries by including member list of each group in persistent cache
  • Perf : Post / Page Edit form had redundant queries for revisions
  • Perf : Cut category and tag query size in half by eliminating page clause if page categories are not enabled
  • Perf : sync_wp_roles operation was executed twice at first-time activation
  • Perf : If db select includes any terms regardless of post ID, don’t also include those terms in ID-specific clause
  • Perf : DB queries with a WP-imposed post/page object type requirement had an irrelevant RS-imposed clause for other object type
  • Perf : The optional comment count filter was applying post / page filtering needlessly
  • Perf : Execute support query for is_restricted_rs() template function only if SCOPER_EXTRA_TEMPLATE_FUNCTIONS defined
  • Perf : Teaser support query was executed even with teaser disabled
  • Perf : Categories were not stored to persistent cache
  • Perf : Front-end comment count filtering was executed redundantly on each post
  • Perf : Apply front-end comment count filtering (usually not needed) only if SCOPER_FILTER_COMMENT_COUNT defined

Bulk Administration of Roles:

  • BugFix : Non-admins could not assign object roles via bulk admin
  • BugFix : Users lacking a category management role could not bulk administer Post / Page roles
  • BugFix : Users lacking a blog-wide editing role saw checkboxes for bulk admin object role assignment though assignment attempts were rejected
  • BugFix : Some Roles / Restrictions links displayed inappropriately for non-admin users (though access was not granted)
  • BugFix : Roles / Restrictions submenu items were not removed when disabled via Realm options
  • BugFix : In Category Roles / Restrictions bulk admin, tree nesting was sometimes off for non-admin users
  • BugFix : Bulk Admin formatting rendered poorly in some IE versions

Edit Post / Page:

  • BugFix : Revision edit link was suppressed for non-editor users own revision
  • BugFix : On page add / edit, Page Parent selection was not fully filtered to match UI selections (had no impact for normal usage)
  • BugFix : In Edit Post/Page Form, role tabs could not be hidden via screen options
  • BugFix : In Edit Page Form, page parent dropdown was populated even if user is not permitted to move page parent from Main Page due to lack of blog-wide edit capability
  • BugFix : Contributors, Editors tabs were displayed if user has a blog-wide capability for any data source / object type (now only if for source / obj type being edited)
  • BugFix : Custom-specified Hidden Editing Elements were not hidden based on Require Blog-Wide Editing option if the user had a blog-wide editing capability for a different object type
  • BugFix : PHP Error in Post/Page Edit form when Realm Option “Object Roles and Restrictions for Posts/Pages” disabled
  • BugFix : In some WP 2.6 configurations, PHP array_keys warning in Edit Page form from users query (since rc3b)
  • BugFix : In WP 2.6, nuisance error message “page parent was reverted” following autosave of a page (including revision)
  • BugFix : PHP errors when non-admin user uploads media using Flash Uploader
  • BugFix : PHP error on bulk edits from Edit Posts / Edit Pages
  • BugFix : In Edit Post/Page role assignment, incorrect indication of implict “via group” role ownership in some cases
  • Change : If a user has a role implicitly via direct assigment of a superior role and via another blog/category scope, highlight them as “via other role”
  • Change : Color for “via other role” is now dark gray to distinguish from “via group”
  • Change : Prevent breaking spaces in User / Group Role Assignment key captions in Edit Post/Page Form
  • BugFix : In WP < 2.7, Page Parent tree did not display to non-administrators (and bogus error message on update)
  • BugFix : PHP Warning (nuisance) in Edit Post / Page Form – invalid foreach in item_roles_ui_rs.php

Role Scoper Options Admin:

  • Feature : Version Update notice is abbreviated with “more…” link
  • Change : Removed Object Types Realm Options (for disabling filtering of individual sources / object types) due to complications with hardway / teaser filtering, admin intimidation factor and low feature priority
  • Change : Removed Ignore Hierarchy Realm Options (now implemented as a config property modifiable by plugins if needed)
  • BugFix : Customization of capabilities for plugin-defined roles (via RS Options) not processed correctly
  • BugFix : xhtml validation errors in Role Scoper Options
  • Feature : RS Role Definitions have editable capabilities
  • Feature : WP Role Definitions list caps, contained RS roles

Admin – General:

  • Feature : Contextual Help links to Usage Guide sections
  • Feature : About Role Scoper page available to Administrators in admin
  • BugFix : PHP warning when viewing the profile of a user with a WP setting of “No Role”
  • BugFix : WP 2.7: “Add New” link for Posts / Pages displayed even when user can’t do it
  • BugFix : Users who have edit role on a Post/Page but not blogwide could not upload files and/or view them in Media Library
  • BugFix : Admin object listings sometimes unlinked when user has editing capability only via category role
  • Change : Improved formatting
  • Feature : User Profile lists roles which are “contained” in the assigned role(s)

Misc:

  • BugFix : rs_cache_flush.php failed due to use of undefined ABSPATH constant
  • BugFix : Attempt by external plugin to define custom capabilities fails
  • BugFix : In some configurations, failed to honor General assignment of a role which was custom-defined via plugin API
  • BugFix : Entire Persistant Cache was auto-flushed on each user login
  • BugFix : Fatal Error on some WP configurations when upgrading from rc2 or higher
  • BugFix : PHP Warning if post_cache is an object