Role Scoper 1.0.0 RC2: Role Propagation, Attachment Filtering

After over 6 months of beta development and testing, the WordPress permissions plugin Role Scoper nears a stable 1.0 release.  The refinements in Role Scoper 1.0.0 RC2 stem primarily from inquiries by two paying clients who are pleased to pass these improvements on to you.  If you need expedited, premium Role Scoper support or new plugin development, drop me a line.

The most significant fixes in this release involve propagating roles.  Although roles were properly inherited by children when assigned using the bulk administration form, newly created posts/pages/categories did not receive the role.  New categories also failed to receive any default Category Roles.

A major new feature is automatic access control for uploaded file attachments.  For sites running on an Apache web server, read access to files in the WP uploads folder will be granted only if the logged-in or anonymous user can read a containing post/page.  This filtering is applied whether the file is requested by WordPress URL or by direct file URL.  For non-Apache servers, only WordPress URL requests are filtered.

Other changes in 1.0.0 RC2:

  • feature: Ability to inherit roles/restrictions by changing parent, if no roles manually set
  • fixed: Restored WP 2.5 Compatibility
  • fixed: In some configurations, “Uncategorized” appears, though there are no Uncategorized posts
  • fixed: Bulk Admin category/page trees did not always nest properly
  • fixed: Category Scroll links in bulk admin form sometimes failed to size correctly
  • fixed: Bulk Admin screen margins/padding too narrow for IE6
  • fixed: Missing background color for Role Scoper Options divisions with WP 2.7
  • fixed: Option to “Suppress Private: caption” was not effective for private posts
  • fixed: ozh Admin Menus plugin conflict – missing Roles or Restrictions links in some installations
  • fixed: For a logged-in Administrator, Archived posts listings did not include Private posts
  • fixed: For credentialed users, Archives by Month included a month of “0”
  • fixed: Admin menu icons offset in WP 2.7 beta 3
  • fixed: Category selection in user profile was filtered by category edit capability; now filtered by category read capability (Subscribe2 compat)
  • change: Version update notice persists on each load of Options page, but only requeries the notice from agapetry server on scheduled interval

Update 1: Currently, direct file requests (to .jpg, .pdf, etc.) will be filtered only if your WordPress permalink setting is not set to “default”.

Update 2: Those who downloaded within the first 6 hours should note that the code is now revised slightly and repackaged as 1.0.0-rc2b.zip.  The only change is that failing direct file access attempts will now trigger a WordPress 404 screen unless you enter a wp-config definition to make them fail blankly.