Merge pull request #365 from GM-Alex/next

Bump version 2.2.18

composer.json

@@ -3,7 +3,7 @@
   "description": "User Access Manager plugin for Wordpress",
   "type": "wordpress-plugin",
   "license": "GPL-2.0",
-  "version": "2.2.17",
+  "version": "2.2.18",
   "authors": [
     {
       "name": "Alexander Schneider",

includes/language.php

@@ -172,6 +172,8 @@
 define('TXT_UAM_SHOW_ASSIGNED_GROUPS_DESC', __('Show assigned groups next to the edit link', 'user-access-manager'));
 define('TXT_UAM_HIDE_EDIT_LINK_ON_NO_ACCESS', __('Hide edit link on no access', 'user-access-manager'));
 define('TXT_UAM_HIDE_EDIT_LINK_ON_NO_ACCESS_DESC', __('Hides the edit link if the user has no write access.', 'user-access-manager'));
+define('TXT_UAM_EXTRA_IP_HEADER', __('Extra IP header', 'user-access-manager'));
+define('TXT_UAM_EXTRA_IP_HEADER_DESC', __('Use this header for the user IP address if you are using a proxy. A valid value is for example HTTP_X_REAL_IP.', 'user-access-manager'));
 
 // --- Setting Page -> default values ---
 define('TXT_UAM_SETTING_DEFAULT_NO_RIGHTS', __('No rights!', 'user-access-manager'));

init.php

@@ -80,6 +80,7 @@ function initUserAccessManger()
     $userGroupHandler = new UserGroupHandler(
         $wordpress,
         $wordpressConfig,
+        $mainConfig,
         $database,
         $objectHandler,
         $userHandler,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "user-access-manager",
-  "version": "2.2.17",
+  "version": "2.2.18",
   "description": "[![Build Status](https://travis-ci.org/GM-Alex/user-access-manager.svg)](https://travis-ci.org/GM-Alex/user-access-manager)",
   "main": "index.js",
   "directories": {

readme.txt

@@ -3,8 +3,8 @@ Contributors: GM_Alex
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=1947052
 Tags: admin, access, member area, members, member, member access, page, pages, post, posts, private, privacy, restrict, user, user access manager, user management
 Requires at least: 4.7
-Tested up to: 5.9
-Stable tag: 2.2.17
+Tested up to: 6.1
+Stable tag: 2.2.18
 
 With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.
 
@@ -59,6 +59,13 @@ Here you found the changes in each version.
 
     Version     Date        Changes
 
+    2.2.18      2022/11/14  Fix issue with label id. Thanks to elbakkali
+                            Add elementor support. Thanks to JboyJW
+                            Fix possible issue with PHP 8. Thanks to ollycross
+                            Fix attachment issue.
+                            Fix tags issue.
+                            Make extra IP header configurable.
+
     2.2.17      2022/02/15  Fix issue with big picture handling. #350
 
     2.2.16      2022/01/25  Check compatibility for Wordpress 5.9.
@@ -456,7 +463,7 @@ See: [https://github.com/GM-Alex/user-access-manager/wiki/FAQ](https://github.co
 
 == Screenshots ==
 
-1. The group manger.
+1. The group manager.
 2. The setting screen
 3. The setup screen.
 4. Integration into post overview.

src/Config/MainConfig.php

@@ -109,6 +109,9 @@ private function addDefaultGeneralConfigParameters(array &$configParameters)
         $id = 'hide_edit_link_on_no_access';
         $configParameters[$id] = $this->configParameterFactory->createBooleanConfigParameter($id, true);
 
+        $id = 'extra_ip_header';
+        $configParameters[$id] = $this->configParameterFactory->createStringConfigParameter($id, 'HTTP_X_REAL_IP');
+
         $id = 'protect_feed';
         $configParameters[$id] = $this->configParameterFactory->createBooleanConfigParameter($id, true);
 
@@ -623,4 +626,12 @@ public function getActiveCacheProvider(): ?string
     {
         return $this->getParameterValue('active_cache_provider');
     }
+
+    /**
+     * @return null|string
+     */
+    public function getExtraIpHeader(): ?string
+    {
+        return $this->getParameterValue('extra_ip_header');
+    }
 }

src/Controller/Backend/SettingsController.php

@@ -453,7 +453,8 @@ private function getOtherSettingsForm(): Form
             'blog_admin_hint',
             'blog_admin_hint_text',
             'show_assigned_groups',
-            'hide_edit_link_on_no_access'
+            'hide_edit_link_on_no_access',
+            'extra_ip_header'
         ];
 
         return $this->formHelper->getSettingsForm($parameters);

src/Controller/Frontend/FrontendController.php

@@ -137,4 +137,25 @@ public function getWpSeoUrl($url, string $type, object $object)
     {
         return ($this->accessHandler->checkObjectAccess($type, $object->ID) === true) ? $url : false;
     }
+
+    /*
+     * Elementor
+     */
+
+    /**
+     * @param $content
+     * @return mixed
+     * @throws UserGroupTypeException
+     */
+    public function getElementorContent($content)
+    {
+        $this->wordpress->removeAction('elementor/frontend/the_content', [$this, 'getElementorContent']);
+        $post = $this->wordpress->getCurrentPost();
+
+        if ($this->accessHandler->checkObjectAccess($post->post_type, $post->ID) === false) {
+            $content = htmlspecialchars_decode($this->mainConfig->getPostTypeContent($post->post_type));
+        }
+
+        return $content;
+    }
 }

src/File/FileHandler.php

@@ -168,6 +168,7 @@ private function deliverFileViaFopen(string $file)
      */
     private function deliverFile(string $file, bool $isInline)
     {
+        header("HTTP/1.1 200 OK");
         $downloadType = $this->mainConfig->getDownloadType();
 
         if ($downloadType === 'xsendfile') {

src/UserAccessManager.php

@@ -50,7 +50,7 @@
  */
 class UserAccessManager
 {
-    const VERSION = '2.2.17';
+    const VERSION = '2.2.18';
     const DB_VERSION = '1.6.1';
 
     /**
@@ -692,6 +692,21 @@ public function addActionsAndFilters()
         $this->wordpress->addAction('wp_enqueue_scripts', [$frontendController, 'enqueueStylesAndScripts']);
         $this->wordpress->addFilter('get_ancestors', [$frontendController, 'showAncestors'], 20, 4);
         $this->wordpress->addFilter('wpseo_sitemap_entry', [$frontendController, 'getWpSeoUrl'], 1, 3);
+        $this->wordpress->addFilter(
+            'elementor/frontend/builder_content_data',
+            function ($data, $postId) use ($frontendController) {
+                if ($this->wordpress->getQueriedObjectId() === $postId) {
+                    $this->wordpress->addAction(
+                        'elementor/frontend/the_content',
+                        [$frontendController, 'getElementorContent']
+                    );
+                }
+
+                return $data;
+            },
+            10,
+            2
+        );
 
         // Post controller
         $frontendPostController = $this->controllerFactory->createFrontendPostController();

src/UserGroup/UserGroup.php

@@ -96,7 +96,7 @@ public function getIpRange()
      */
     public function getIpRangeArray(): array
     {
-        return explode(';', $this->ipRange);
+        return explode(';', (string) $this->ipRange);
     }
 
     /**

src/UserGroup/UserGroupHandler.php

@@ -18,6 +18,7 @@
 namespace UserAccessManager\UserGroup;
 
 use Exception;
+use UserAccessManager\Config\MainConfig;
 use UserAccessManager\Config\WordpressConfig;
 use UserAccessManager\Database\Database;
 use UserAccessManager\Object\ObjectHandler;
@@ -42,6 +43,11 @@ class UserGroupHandler
      */
     private $wordpressConfig;
 
+    /**
+     * @var MainConfig
+     */
+    private $mainConfig;
+
     /**
      * @var Database
      */
@@ -85,13 +91,15 @@ class UserGroupHandler
     public function __construct(
         Wordpress $wordpress,
         WordpressConfig $wordpressConfig,
+        MainConfig $mainConfig,
         Database $database,
         ObjectHandler $objectHandler,
         UserHandler $userHandler,
         UserGroupFactory $userGroupFactory
     ) {
         $this->wordpress = $wordpress;
         $this->wordpressConfig = $wordpressConfig;
+        $this->mainConfig = $mainConfig;
         $this->database = $database;
         $this->objectHandler = $objectHandler;
         $this->userHandler = $userHandler;
@@ -261,7 +269,10 @@ public function unsetUserGroupsForObject()
      */
     private function checkUserGroupAccess(UserGroup $userGroup): bool
     {
-        $userIp = $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
+        $extraIpHeader = $this->mainConfig->getExtraIpHeader();
+        $userIp = $extraIpHeader !== null ?
+            $_SERVER[$extraIpHeader] ?? ($_SERVER['REMOTE_ADDR'] ?? '') :
+            $_SERVER['REMOTE_ADDR'] ?? '';
 
         return $this->userHandler->isIpInRange($userIp, $userGroup->getIpRangeArray())
             || $this->wordpressConfig->atAdminPanel() === false && $userGroup->getReadAccess() === 'all'
@@ -295,7 +306,7 @@ private function assignDynamicUserGroupsForUser(WP_User $currentUser, array &$us
 
     /**
      * Returns the user groups for the user.
-     * @return AbstractUserGroup[]
+     * @return AbstractUserGroup[]|null
      * @throws UserGroupTypeException
      */
     public function getUserGroupsForUser(): ?array

src/View/MediaAjaxEditForm.php

@@ -54,11 +54,12 @@
             ?>
             <li>
                 <input type="checkbox"
-                       id="<?php echo $groupsFormName; ?>-<?php echo $userGroup->getId(); ?>" <?php echo $attributes; ?>
+                       id="media-<?php echo $groupsFormName; ?>-<?php echo $userGroup->getId(); ?>"
+                       <?php echo $attributes; ?>
                        value="<?php echo $userGroup->getId(); ?>"
                        name="<?php echo "{$groupsFormName}[{$userGroup->getId()}][id]"; ?>"
                        data-="uam_user_groups"/>
-                <label for="<?php echo $groupsFormName; ?>-<?php echo $userGroup->getId(); ?>" class="selectit"
+                <label for="media-<?php echo $groupsFormName; ?>-<?php echo $userGroup->getId(); ?>" class="selectit"
                        style="display:inline;">
                     <?php echo htmlentities($userGroup->getName()) . $addition; ?>
                 </label>

src/Wrapper/Wordpress.php

@@ -54,6 +54,7 @@
 use function get_post;
 use function get_post_type_object;
 use function get_post_types;
+use function get_queried_object_id;
 use function get_sites;
 use function get_taxonomies;
 use function get_taxonomy;
@@ -75,6 +76,7 @@
 use function plugin_basename;
 use function plugins_url;
 use function register_widget;
+use function remove_action;
 use function remove_filter;
 use function site_url;
 use function switch_to_blog;
@@ -299,6 +301,18 @@ public function addAction(string $tag, callable $functionToAdd, $priority = 10,
         return add_action($tag, $functionToAdd, $priority, $acceptedArguments);
     }
 
+    /**
+     * @param string $hookName
+     * @param callable $callback
+     * @param $priority
+     * @return bool
+     * @see \remove_action()
+     */
+    public function removeAction(string $hookName, callable $callback, $priority = 10)
+    {
+        return remove_action($hookName, $callback, $priority);
+    }
+
     /**
      * @param string $tag
      * @param bool|callable $functionToCheck
@@ -552,7 +566,7 @@ public function getWpQuery(): WP_Query
     public function isAdmin(): bool
     {
         //Ajax request are always identified as administrative interface page
-        if (wp_doing_ajax() === true) {
+        if (wp_doing_ajax() === true || defined('REST_REQUEST') && REST_REQUEST) {
             //So let's check if we are calling the ajax data for the frontend or backend
             //If the referer is an admin url we are requesting the data for the backend
             $adminUrl = get_admin_url();
@@ -1029,4 +1043,22 @@ public function isUserMemberOfBlog(): bool
     {
         return (bool) is_user_member_of_blog();
     }
+
+    /**
+     * @return int
+     * @see \get_queried_object_id()
+     */
+    public function getQueriedObjectId(): int
+    {
+        return (int) get_queried_object_id();
+    }
+
+    /**
+     * @return WP_Post|array|null
+     */
+    public function getCurrentPost()
+    {
+        global $post;
+        return $post;
+    }
 }

tests/Unit/Config/MainConfigTest.php

@@ -103,7 +103,8 @@ protected function setUp(): void
                 . 'administrator|editor|author|contributor|subscriber',
             'active_cache_provider' => 'selection|active_cache_provider|none|none|one',
             'show_assigned_groups' => 'bool|show_assigned_groups|true',
-            'hide_edit_link_on_no_access' => 'bool|hide_edit_link_on_no_access|true'
+            'hide_edit_link_on_no_access' => 'bool|hide_edit_link_on_no_access|true',
+            'extra_ip_header' => 'string|extra_ip_header|HTTP_X_REAL_IP'
         ];
     }
 
@@ -247,7 +248,7 @@ function ($id, $value) {
                 }
             ));
 
-        $configParameterFactory->expects($this->exactly(17))
+        $configParameterFactory->expects($this->exactly(18))
             ->method('createStringConfigParameter')
             ->will($this->returnCallback(
                 function ($id, $value) {

tests/Unit/Controller/Backend/SettingsControllerTest.php

@@ -709,7 +709,8 @@ public function testGetCurrentGroupForms()
                         'blog_admin_hint',
                         'blog_admin_hint_text',
                         'show_assigned_groups',
-                        'hide_edit_link_on_no_access'
+                        'hide_edit_link_on_no_access',
+                        'extra_ip_header'
                     ]
                 ],
                 [
@@ -720,7 +721,8 @@ public function testGetCurrentGroupForms()
                         'blog_admin_hint',
                         'blog_admin_hint_text',
                         'show_assigned_groups',
-                        'hide_edit_link_on_no_access'
+                        'hide_edit_link_on_no_access',
+                        'extra_ip_header'
                     ]
                 ]
             )