Merge pull request #335 from GM-Alex/next

Bump version 2.2.14

composer.json

@@ -3,7 +3,7 @@
   "description": "User Access Manager plugin for Wordpress",
   "type": "wordpress-plugin",
   "license": "GPL-2.0",
-  "version": "2.2.13",
+  "version": "2.2.14",
   "authors": [
     {
       "name": "Alexander Schneider",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "user-access-manager",
-  "version": "2.2.13",
+  "version": "2.2.14",
   "description": "[![Build Status](https://travis-ci.org/GM-Alex/user-access-manager.svg)](https://travis-ci.org/GM-Alex/user-access-manager)",
   "main": "index.js",
   "directories": {

readme.txt

@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
 Tags: admin, access, member area, members, member, member access, page, pages, post, posts, private, privacy, restrict, user, user access manager, user management
 Requires at least: 4.7
 Tested up to: 5.7
-Stable tag: 2.2.13
+Stable tag: 2.2.14
 
 With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.
 
@@ -59,6 +59,10 @@ Here you found the changes in each version.
 
     Version     Date        Changes
 
+    2.2.14      2021/04/21  Fix bulk edit.
+                            Fix permission issue.
+                            Fix redirect typing issue.
+
     2.2.13      2021/04/15  Fix not logged in user handling.
                             Type fix for showEditLink.
 

src/Access/AccessHandler.php

@@ -180,21 +180,12 @@ public function checkObjectAccess(?string $objectType, $objectId, $isAdmin = nul
             ) {
                 $access = true;
             } else {
-                $access = true;
                 $membership = $this->userGroupHandler->getUserGroupsForObject($objectType, $objectId);
+                $access = $membership === []
+                    || array_intersect_key($membership, $this->getUserUserGroupsForObjectAccess($isAdmin)) !== [];
 
-                if (count($membership) > 0) {
-                    $userGroupDiff = array_intersect_key(
-                        $membership,
-                        $this->getUserUserGroupsForObjectAccess($isAdmin)
-                    );
-                    $nonLoggedInGroupKey = DynamicUserGroup::USER_TYPE . '|'
-                        . DynamicUserGroup::NOT_LOGGED_IN_USER_ID;
-
-                    $access = count($userGroupDiff) > 0 && (
-                            isset($userGroupDiff[$nonLoggedInGroupKey]) ||
-                            $this->wordpress->isUserMemberOfBlog()
-                        );
+                if ($access && $this->wordpress->isUserLoggedIn() && $this->wordpress->isMultiSite()) {
+                    $access = $this->wordpress->isUserMemberOfBlog();
                 }
             }
 

src/Controller/Backend/ObjectController.php

@@ -45,7 +45,9 @@
 class ObjectController extends Controller
 {
     const COLUMN_NAME = 'uam_access';
+    const BULK_ADD = 'add';
     const BULK_REMOVE = 'remove';
+    const BULK_OVERWRITE = 'overwrite';
     const DEFAULT_GROUPS_FORM_NAME = 'uam_user_groups';
     const DEFAULT_DYNAMIC_GROUPS_FORM_NAME = 'uam_dynamic_user_groups';
     const UPDATE_GROUPS_FORM_NAME = 'uam_update_groups';
@@ -343,20 +345,27 @@ private function getAddRemoveGroups(
         ?array &$addUserGroups = [],
         ?array &$removeUserGroups = []
     ) {
-        if ($addUserGroups === null) {
-            $addUserGroups = (array) $this->getRequestParameter(self::DEFAULT_GROUPS_FORM_NAME, []);
-        }
-
+        $groupsToChange = (array) $this->getRequestParameter(self::DEFAULT_GROUPS_FORM_NAME, []);
         $filteredUserGroupsForObject = $this->userGroupHandler->getFilteredUserGroupsForObject(
             $objectType,
             $objectId
         );
+
+        $addUserGroups = $addUserGroups ?? $groupsToChange;
         $removeUserGroups = array_flip(array_keys($filteredUserGroupsForObject));
         $bulkType = $this->getRequestParameter('uam_bulk_type');
 
-        if ($bulkType === self::BULK_REMOVE) {
-            $removeUserGroups = $addUserGroups;
+        if ($bulkType === self::BULK_ADD) {
+            $addUserGroups = $groupsToChange;
+            $removeUserGroups = [];
+        } elseif ($bulkType === self::BULK_REMOVE) {
             $addUserGroups = [];
+            $removeUserGroups = array_filter(
+                $groupsToChange,
+                function (array $group) {
+                    return isset($group['id']);
+                }
+            );
         }
     }
 

src/Controller/Backend/PostObjectController.php

@@ -75,6 +75,7 @@ public function editPostContent($post)
     public function addBulkAction($columnName)
     {
         if ($columnName === self::COLUMN_NAME) {
+            $this->getObjectInformation()->setObjectId(null);
             echo $this->getIncludeContents('BulkEditForm.php');
         }
     }

src/Controller/Frontend/RedirectController.php

@@ -308,11 +308,11 @@ private function getPostIdByName(string $name): int
 
     /**
      * Extracts the object type and id.
-     * @param object $pageParams
+     * @param mixed $pageParams
      * @param null|string $objectType
      * @param null|int|string $objectId
      */
-    private function extractObjectTypeAndId(object $pageParams, ?string &$objectType, ?string &$objectId)
+    private function extractObjectTypeAndId($pageParams, ?string &$objectType, ?string &$objectId)
     {
         $objectType = null;
         $objectId = null;
@@ -345,12 +345,12 @@ private function extractObjectTypeAndId(object $pageParams, ?string &$objectType
 
     /**
      * Redirects to a page or to content.
-     * @param array $headers The headers which are given from wordpress.
-     * @param object $pageParams The params of the current page.
+     * @param array|null $headers The headers which are given from wordpress.
+     * @param mixed $pageParams The params of the current page.
      * @return array
      * @throws UserGroupTypeException
      */
-    public function redirect(array $headers, object $pageParams): array
+    public function redirect(?array $headers, $pageParams): array
     {
         $fileUrl = $this->getRequestParameter('uamgetfile');
         $fileType = $this->getRequestParameter('uamfiletype');

src/UserAccessManager.php

@@ -50,7 +50,7 @@
  */
 class UserAccessManager
 {
-    const VERSION = '2.2.13';
+    const VERSION = '2.2.14';
     const DB_VERSION = '1.6.1';
 
     /**

src/View/BulkEditForm.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * UserProfileEditForm.php
+ * BulkEditForm.php
  *
  * Shows the bulk edit form at the admin panel.
  *

tests/Unit/Access/AccessHandlerTest.php

@@ -102,7 +102,15 @@ public function testCheckObjectAccess()
                 true
             ));
 
+        $wordpress->expects($this->exactly(3))
+            ->method('isUserLoggedIn')
+            ->will($this->onConsecutiveCalls(false, true, true));
+
         $wordpress->expects($this->exactly(2))
+            ->method('isMultiSite')
+            ->will($this->onConsecutiveCalls(false, true));
+
+        $wordpress->expects($this->exactly(1))
             ->method('isUserMemberOfBlog')
             ->will($this->returnValue(true));
 

user-access-manager.php

@@ -3,7 +3,7 @@
  * Plugin Name: User Access Manager
  * Plugin URI: https://wordpress.org/plugins/user-access-manager/
  * Author URI: https://twitter.com/GM_Alex
- * Version: 2.2.13
+ * Version: 2.2.14
  * Requires PHP: 7.2
  * Author: Alexander Schneider
  * Description: Manage the access to your posts, pages, categories and files.