itthinx / groups Goto Github PK

How to reproduce:

1. Create numerous posts and restrict them to a group.
2. Assign a user to a group that has access to say just 1 post (or none) from the few you created.
3. Add the core Categories widget to the sidebar (check: show post counts)
4. Widget will show empty categories (hide_empty is on by default), and clicking on them shows a 404 not found (because the user doesn't have access to any posts in that category, but WordPress still considers it not empty and keeps showing it in the list).

Expected Result

A category should be considered empty if a user has access to 0 posts in that category and WordPress would no longer display it in the widget.

Getting this warning when using Groups in WP:

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Groups_Pagination has a deprecated constructor in .../plugins/groups/lib/core/class-groups-pagination.php on line 29

in class-groups-post-access.php

• @todo when wp_count_posts() provides reasonable filters, use them so that
  • the post counts displayed on top are in line with the actual posts that
  • are displayed in the table; same for wp_count_attachments()
  • @see http://core.trac.wordpress.org/ticket/16603

I recently updated our site to 2.x and Groups_Post_Access::user_can_read_post() method now returns true for posts that users shouldn't be able to view.

Is this expected behavior?

Hello,

The Problem

When we have the classic WP Editor (or the tinyMCE editor) embedded elsewhere (like elementor page builder or any custom plugin page), then the following script is executed

if (document.readyState === "complete" || document.readyState === "interactive") {
    if (typeof jQuery !== "undefined") {
        jQuery("#attachments-39-groups-read").selectize({
            create: true,
            plugins: ["remove_button"]
        });
    }
} else {
    document.addEventListener("DOMContentLoaded", function() {
        if (typeof jQuery !== "undefined") {
            jQuery("#attachments-39-groups-read").selectize({
                create: true,
                plugins: ["remove_button"]
            });
        }
    });
}

directly in the page. From a quick search I see that the script is added to a bunch of pages like https://github.com/itthinx/groups/search?q=render_select&unscoped_q=render_select but I don't see that the needed selectize plugin is actually being enqueued to all of the pages.

This results in the error Uncaught TypeError: jQuery(...).selectize is not a function.

The quick solution

I believe this would prove to be a quick solution

if (document.readyState === "complete" || document.readyState === "interactive") {
-    if (typeof jQuery !== "undefined") {
+    if (typeof jQuery !== "undefined" && typeof jQuery.fn.selectize === "function") {
        jQuery("#attachments-39-groups-read").selectize({
            create: true,
            plugins: ["remove_button"]
        });
    }
} else {
    document.addEventListener("DOMContentLoaded", function() {
-        if (typeof jQuery !== "undefined") {
+        if (typeof jQuery !== "undefined" && typeof jQuery.fn.selectize === "function") {
            jQuery("#attachments-39-groups-read").selectize({
                create: true,
                plugins: ["remove_button"]
            });
        }
    });
}

The long term solution

This would be to identify why the above script is rendered on any page where tinyMCE is loaded. I don't know about elementor, but on my plugin I am using wp_editor to load the tinyMCE embedded editor for custom work. Looks like Groups plugin is hooking somewhere and injecting the inline JS, but not really enqueuing the dependencies. I don't know the inner workings of the plugin, but I can sure help you out to find the issue if you direct me where to look.

Hi,

I’m looking to use Groups in my website and have two questions. I like the fact that the data is stored in a straight forward way, compared to other group plugins and that it doesn’t have much overload in code.

1. I see some excellent pull request with additional filters and more. Are they being considered for merging?
2. What would be the best way to add meta-data to a group, without loosing compatibility with the plugin? Ideal there would be a database table for that I think. Is that something that’s part of current development or, if I was to create it myself, something that would be considered for merging?

Thanks!

Hi,

I have default site language set German, but in Administrator user profile I set to English as my working language. I am using Polylang and WPML plugins ( in separate environments)

For any other plugin I am using , dashboard showing them properly in English.

Groups plugin menus are not.

and disabling it exposes very sensitve data to the public and search engines...

this is a disaster. please help. let me know what I can do to help you to help me.

Groups version: 2.16.1
WordPress 5.9

We have about 12,000 users on our blog, so the plugin hangs for a long time upon activation. Eventually memory is exhausted as the activation cycles through Groups_User_Group::create() within Groups_Registered::activate(). The only way I could successfully activate the plugin was by commenting out the foreach over all users. I followed this up with an SQL query to make sure all the blog's users were added to the Registered group:

insert ignore into wp_3_groups_user_group 
select ID, 1 from wp_users u
join wp_usermeta um on um.user_id = u.ID and um.meta_key = 'wp_3_capabilities';

Perhaps (if this indeed is what the plugin does here) you could take a similar approach, which in my case only took 0.15 seconds.

See https://wordpress.org/support/topic/warning-illegal-offset-type-7/ for example.

The issue is that extend_for_orderby_groups_read and extend_for_filter_groups_read both run on front-end AJAX calls to admin-ajax.php, where post_type can be an array.

It's an easy fix as I can't see a need for this to run on AJAX calls at all, and I'll add a pull request for this.

I have a Gravity membership registration form that assigns a "Pending" group upon submission.

As of now, the admin manually removes the "Pending" group once they activate the member, but I am wondering if it is possible to automatically remove that "Pending" group from the user once the admin activates their account?

Whenever I am trying to delete/switch a blog, I am getting this error in my apache log:

PHP Fatal error: Uncaught Error: Call to undefined function wp_cache_reset() in /wp-content/plugins/groups/lib/core/class-groups-controller.php:46\nStack trace:\n#0 /wp-content/plugins/groups/lib/core/class-groups-controller.php(98): Groups_Controller::switch_to_blog(12)\n#1 /wp/wp-includes/plugin.php(524): Groups_Controller::delete_blog(12, true)\n#2 /wp/wp-admin/includes/ms.php(78): do_action('delete_blog', 12, true)\n#3 /wp/wp-admin/network/sites.php(133): wpmu_delete_blog(12, true)\n#4 {main}\n thrown in /wp-content/plugins/groups/lib/core/class-groups-controller.php on line 46

My wordpress version is 4.6 .

Thanks.

Hi,
is there an option to disable this plugin on the frontend?
I need it only in the backend, because everyone should see the website,
but only specific users should edit(administer) certain parts of website. I made a workaround
that seems to work by modifiying file lib/access/class-groups-post-access.php
on few places, but is there an option to do this somewhere in plugin config?

I have noticed i can display all groups for a user, but i would like to list all groups themselves.

How would i go about it?

In the 2.2.0 change log:

Important change in this version: If access restrictions for post type are disabled, related entries will not be protected anymore.

What does this mean? This sounds like a breaking change that could have a negative impact on my site. Is there detailed documentation of the impact of this change somewhere?

A similar change came along a while back that opened up access to all of my protected content to the whole world, which caused confusion with my users and exposed my protected content to the world. For somebody making a living from their site, that's a disaster.

Changes like that should be communicated in the strongest possible terms, with advance notice, and detailed instructions for changes to make in order to make a smooth transition possible.

Also, please look at semver and breaking changes.

I suspect that most people using this plugin rely on it for income. Breaking changes are a big deal and need to be treated as such.

"Plugin could not be activated because it triggered a fatal error."

For the version just downloaded from the .zip.

Hi.
First at all thanks for this pugin, so useful!

On my WP, user can download the page in pdf format using the WKHTMLTOPDF lib.
The site is only accessible for registered user and some page need specific right managed with groups.

This work well.
However i have trouble when i generateing a pdf from a page protect by the groups plugin (and this is normal)

Here is my code

function template_redirect() {
    global $post;

    if( ( $_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR'] ) && isset($_GET['wkhtmltopdf']) ) return;

}
add_action( 'template_redirect',  'template_redirect'  );

How i can tell to group that if the page is asked by the server itself, it can remove his control ?

thanks

Description

I am selling memberships, and users are not getting added to the members group on checkout.

Steps to Reproduce

Install and enable WooCommerce, Groups, & Groups WooCommerce. Configure a product to add users to a group called members. Check out.

Expected

User should be added to the "members" group.

Actual

Customers do not get added to "members" group. That makes customers sad. 😢

Hi!

I discovered recently on a website that I maintain that the Groups_Post_Access::posts_where method doesn't apply the proper filtering in product archive pages. The reason was that all tests for the $filter boolean currently only check the 'post_type' query var. However, it seems that WooCommerce never sets 'post_type' => 'product' for the archive page wp_query, but instead sets 'wc_query' => 'product_query' (I don't know if this is a recent change in WC or if it's particular to our website environment)

In any case, I added this specific check in the Groups_Post_Access class in pull request #81

Hello!

is it possible to CRUD the Groups via Rest API? I couldnt find anything online.

Thanks!

I've been using this plugin for a client and have been looking at using one of the groups as a means to exclude posts.

This is not covered by the core functionality and so I have been investigating how to create it myself.

In doing so, I happened to find the code you've used to edit the "where" part of the query.

I am unsure as to why this exists in the form it does?

After looking through your code, and the subsequent entries in the database, why don't you just hook into the pre_get_posts action and change the query to pull in certain meta_query values? To give an example: -

add_action('pre_get_posts', function($query) {
	
	$group = user_is_trade() ? 9 : 10;
		
	$query->set('meta_query', array(
		'relation' => 'OR',
		array(
			'key'     => 'groups-read',
			'value'   => $group,
			'compare' => 'IN'
		),
		array(
			'key'     => 'groups-read',
			'compare' => 'NOT EXISTS'
		)
	));
	
});

That's the code I have used to override your where query. It uses a meta_query to check for posts which a) don't have any "groups-read" meta keys (IE they have no group restrictions) and if they do have a key, then its value must be one of the ones stipulated in the code. Obviously, you'd embellish this with the various group ID's in your code etc.

My point is this is not only more succinct, but in line with the Wordpress hooks system. Rather than manually editing the query, you are able to leverage the extensive Wordpress backend to get the result you want.

I'm interested to know why this approach was not taken?

Thanks

With no other edits/updates/content changes happening to the site in question, other than updating this plugin we are seeing some issues with the default Category Widget. Running 2.18 and even updating to 2.19 we see the following:

After 2.20+:

Currently the Groups icon is a PNG. Why not create a svg for this so all hovers etc in WP look nice :).

for some reason I cant get read function to work:

Groups_User_Group::read( $user->ID, $group->group_id );

as a result page brakes down with standard "The site is experiencing technical difficulties."

any idea if its a bug or what?

Hi Team

Latest build has an error in /wp-content/plugins/groups/lib/admin/class-groups-admin.php

Line 250 has an extra , at the end of it that is causing the Admin area to error.

That extra comma needs to be removed.

Hello,

I've set the following in my wp-config.php:

define( 'DISALLOW_FILE_EDIT', TRUE );
define( 'DISALLOW_FILE_MODS', TRUE );

These are being overridden by the Groups plugin. It's in place for security reasons.

When groups plugin is activated: Plugin/Theme Editing, Plugin installation/deletion/update display are allowed
When groups plugin is deactivated: The above is unavailable.

FYI the link in the FAQ for "Developers … aka … What about Groups’ API?" currently points to:

http://api.itthinx.com/groups

When it should probably point to:

https://docs.itthinx.com/document/groups/api/

Thanks for making this plugin :)

The "groups_created_group" action conflicts with a BuddyPress Groups action of the same name. Please consider renaming this action.

Is this something that can be done?

$group_table isn't defined in lib/admin/groups-admin-capabilities.php

Hello,
I've seen that this question has been asked already, but I need more information.
I would like to automatically a specific role to a specific group.
Can you help me ? I've tried different shortcodes like
[groups_join role="GSS"]
but none of them worked.

Thank you for advance

If you look at this function you get a cached and set it to $results but you test for $found

/**
 * Returns true if the user has any of the capabilities that grant access to the post.
 * 
 * @param int $post_id post id
 * @param int $user_id user id or null for current user 
 * @return boolean true if user can read the post
 */
public static function user_can_read_post( $post_id, $user_id = null ) {
    $result = false;
    if ( !empty( $post_id ) ) {
        if ( $user_id === null ) {
            $user_id = get_current_user_id();
        }
        $found = false;
        $result = wp_cache_get( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, self::CACHE_GROUP, false, $found );
        if ( $found === false ) {
            $groups_user = new Groups_User( $user_id );
            $read_caps = self::get_read_post_capabilities( $post_id );
            if ( !empty( $read_caps ) ) {
                foreach( $read_caps as $read_cap ) {
                    if ( $groups_user->can( $read_cap ) ) {
                        $result = true;
                        break;
                    }
                }
            } else {
                $result = true;
            }
            $result = apply_filters( 'groups_post_access_user_can_read_post', $result, $post_id, $user_id );
            wp_cache_set( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP );
        }
    }
    return $result;
}

corrected code

     /**
 * Returns true if the user has any of the capabilities that grant access to the post.
 * 
 * @param int $post_id post id
 * @param int $user_id user id or null for current user 
 * @return boolean true if user can read the post
 */
public static function user_can_read_post( $post_id, $user_id = null ) {
    $result = false;
    if ( !empty( $post_id ) ) {
        if ( $user_id === null ) {
            $user_id = get_current_user_id();
        }
        $found = false;
        $result = wp_cache_get( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, self::CACHE_GROUP, false, $found );
        if ( false === $result ) {
            $groups_user = new Groups_User( $user_id );
            $read_caps = self::get_read_post_capabilities( $post_id );
            if ( ! empty( $read_caps ) ) {
                foreach( $read_caps as $read_cap ) {
                    if ( $groups_user->can( $read_cap ) ) {
                        $result = true;
                        break;
                    }
                }
            } else {
                $result = true;
            }
            $result = apply_filters( 'groups_post_access_user_can_read_post', $result, $post_id, $user_id );
            wp_cache_set( self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP );
        }
    }
    return $result;
}

I may open a pull request for this

Im trying to send a mail when a user is added to a certain group, but the groups_created_user_group action isn't returning any group id ($group_id).

Im trying to use the action documented here.

WordPress database error Table DATABASE.PREFIX_groups_capability doesn't exist for query

SELECT * FROM PREFIX_groups_capability WHERE capability = 'edit_posts'

made by:

1. include('wp-admin/admin-header.php'),
2. do_action('in_admin_header'),
3. WP_Hook->do_action,
4. WP_Hook->apply_filters,
5. call_user_func_array,
6. wp_admin_bar_render,
7. do_action_ref_array,
8. WP_Hook->do_action,
9. WP_Hook->apply_filters,
10. call_user_func_array,
11. wp_admin_bar_my_sites_menu,
12. current_user_can,
13. call_user_func_array,
14. WP_User->has_cap,
15. apply_filters('user_has_cap'),
16. WP_Hook->apply_filters,
17. call_user_func_array,
18. Groups_WordPress::user_has_cap,
19. Groups_User->can,
20. apply_filters_ref_array,
21. WP_Hook->apply_filters,
22. call_user_func_array,
23. Groups_WordPress::groups_user_can,
24. Groups_Capability::read_by_capability,
25. QM_DB->query,

referer: SITE/wp-admin/index.php