joryhogeveen / view-admin-as Goto Github PK

• Apply (Current default: clears existing defaults and applies the new defaults)
• Overwrite (Overwrite the existing defaults, keep defaults that don't exist in the import)
• Append (Append the new imports without overwriting the existing data)

All actions are done for each role separately.

Plugin: https://wordpress.org/plugins/awesome-support/
See: https://wordpress.org/support/topic/something-went-wrong-please-try-again/
Report:
Appears to be removing the admin bare nodes in some cases (to be reproduced).

Load the elements after window.load to make it work.

Force your own locale setting over that of a selected view.

Available since WP 4.7

• Build functionality
• Validate WP version for option display

https://make.wordpress.org/core/2016/11/07/user-admin-languages-and-locale-switching-in-4-7/

• Revert to default WP roles?
  • See wp-admin/includes/schema.php >> populate_roles()
• Icon: dashicons-vault
• Snapshot feature?

Add or remove roles and grant or deny them capabilities.

• Add / remove roles
• Clone roles
• Grant capabilities to roles
• Add new capabilities (to roles)
• Apply current view capabilities to role
• Testing! #42

• Enable admin-bar icon on responsive views
• Fix UI
• Fix JS events
• Fix a11y

Note:
Mobile screens are not wide enough to show all adminbar icons so this could cause the item to alread on a second line when there are more plugins active.
WP should fix this in core.

Check use of action/filter prefixes

• view_admin_as everywhere for global filters
• vaa_view_admin_as everywhere for global actions
• vaa_admin_bar Toolbar related actions & filters
• _view_admin_as for internal filters not to be used outside of the plugin
• _vaa_view_admin_as for internal actions not to be used outside of the plugin

Optional replacement for option descriptions.

Set the JS handling from the PHP side of the code to make the JS file size smaller. No need for all that duplicate code.

• Multiple value keys
• Multiple values for each key
• Confirm handling
• Required handling
• Value type processors:
  • default: get element value
  • multi: get multiple values (key -> checked)
  • selected: get selected values
• Option to parse value as json
• Option to get element attribute instead of input value

Currently I only use capability mapping for the role and capability views.

• update the current user roles property (only on a role view)
• update the current user caps property
• update the current user allcaps property
• compatibility with blog switching (caused the original values to reset)

Only for capability and role views + add a filter for modules to hook into.

Currently users that have the view_admin_as capability can also switch roles ("lower" roles) and capabilities (only their own capabilities can be selected).
I think these options are not needed for these type of users and maybe it should be removed since they likely won't be used.

The only function that I think could be handy in this case is user switching since it allows some support-like ability for higher ranking site users.

Currently there is a meta query running for every user when using the get_users() function.
This is fine for networks with a few users, but for large networks this can take a lot of time.

Todo:

• Create custom query handling for users
• Fallback to WP native function

Related #19
Related http://wordpress.stackexchange.com/questions/246589/get-multiple-users-with-meta-value-in-one-query-and-populate-wp-user-class/

Current fix:

/**
 * $WPDB_ stands for the db prefix
 */
SELECT users.*, usermeta.meta_value AS roles 
FROM {$wpdb->users} users
	INNER JOIN {$wpdb->usermeta} usermeta
		ON users.ID = usermeta.user_id
WHERE usermeta.meta_key = '{$wpdb->get_blog_prefix()}capabilities' 
ORDER BY users.display_name

Optional improvements:
Using MAX CASE we can select more meta values if needed (check compat with MySQL 5.0, WP minimum)

/**
 * $WPDB_ stands for the db prefix
 */
SELECT users.*, 
	MAX(CASE WHEN usermeta.meta_key = '{$wpdb->get_blog_prefix()}capabilities' THEN usermeta.meta_value ELSE NULL END) roles
FROM {$wpdb->users} users
	INNER JOIN {$wpdb->usermeta} usermeta
		ON users.ID = usermeta.user_id
GROUP BY users.ID
HAVING roles is not null /* $WPDB_PREFIX_capabilities meta value required, otherwise the user isn't a member of the current blog */
ORDER BY users.display_name

Just like with Restrict User Access #31 and Groups #11 . Also support this plugin.

Since the viewtype name will be similar to that if "Groups". Let's add a plugin name description for each additional view type module.

• Search by user ID
• Show user ID in results

Option to not just hide the screen options for users but enforce the set role defaults even if the user has set his/her own preferences.

Ability to create view combinations.

Example:

• User view: "Joe" (default role: Author)
• Modify Joe's role with the Role view to "Editor"
• And as a third layer: grant or deny capabilities to the above combination with the Caps view.

Would result in a view based on user "Joe" with role "Editor" and extra capability modifications.

Todo:

• Apply conditions on the number of active views on various locations (v1.6.3)
• View combinations working in the core code (v1.7)
• UI (v1.8)

https://nl.wordpress.org/plugins/press-permit-core/

Scrollbar??

• Link with GitHub
• Fix build config (or disable since I also use Travis CI)
• Fix style (or disable since I also use CodeClimate)

• Consider: is a visitor a role or a new view type? >> Yes
• Testing!

Adminbar isn't visible (it is rendered through)

Docs:
http://kb.wpbeaverbuilder.com/article/111-set-page-builder-editing-capabilities
http://kb.wpbeaverbuilder.com/article/439-grant-user-access-by-role-new-in-version-1-10

When other plugins use the user_has_cap filter, VAA overwrites this in a view.

It might be more logical to put our filters at as first, so all other plugin's can still do their magic.
This way the filter get's actually run as if it's a different role instead of a being overwritten by view admin as.

Extra:
Maybe it's good to use the user_has_cap filter in our map_meta_cap filter as well to ensure we get the proper capability modifications from other plugins.

All JSON format

• Option to export all roles or a single role
  • Only export non-translated data (role ID/slug => capabilities)
• Option to import a single (new or existing) role only
• Option to export/import the capabilities only (with role selector)

See: https://wordpress.org/support/topic/need-to-switch-to-another-admin/

Issue is with VAA_API::is_superior_admin() when $user_id parameter is null.

Problem with the use of boolval()
http://php.net/manual/en/function.boolval.php

• Login tests (Controller: auto reset and expire)
• User capability tests
  • Access VAA (check if the main plugin is enabled)
• Store tests (check available users, roles and capabilities per user role)
• View data tests
• Setting tests
• did_action tests
• API tests
  • Basic helper functions tests
• Modules
  • Role Defaults
    • Setting meta keys
    • Meta key compare
    • Import/Export role defaults
    • Copy role defaults
    • Clear role defaults
  • Role Manager
    • Role name/slug sanitizing
    • Export/Import roles
    • Clone roles
    • Rename roles
    • Delete roles

Added in 1.7.1:

• bp_moderate
• bp_xprofile_change_field_visibility

Todo
Other capabilities found in BuddyPress plugin:

• throttle
• keep_gate
• moderate_comments
• edit_cover_image
• edit_avatar
• edit_favorites
• edit_favorites_of
• add_tag_to
• edit_tag_by_on
• change_user_password
• moderate
• browse_deleted
• view_by_ip
• write_posts
• write_topic
• write_topics
• move_topic
• stick_topic
• close_topic
• edit_topic
• delete_topic
• delete_forum
• manage_forums
• manage_tags

Similar to import except take an existing role source and use it to overwrite/append/import into other roles.

I currently use the user meta to set/get view data.

• Check pros/cons for using cookies.

Currently I add a simple test with a link to reset the view when there is a permission error.
Note, I only handle errors when a view is selected!

Enhance this to:

• Give some more info on the error (if possible)
• Add a link to the dashboard aswell (without resetting the view)
• Add a link to the front page aswell (without resetting the view)

Remove icon definitions from CSS and move them to PHP
Creates more flexibility and streamlined CSS.

Optionally support the Groups plugin if active.
See: https://github.com/itthinx/groups
Documentation: http://docs.itthinx.com/document/groups/

Can be improved with: itthinx/groups#59

VAA 1.7.2 - Initial PR: #59
Currently only supports features from the free version of Groups.

• groups_user_can & groups_group_can (though not really usefull when you are a super admin, use case possible with view combinations: #18)
• groups shortcodes
  • Custom shortcode implementation for groups_member & groups_non_member
• Page restrictions
  • I Replicate a 404 page when the selected user has no access to read. I use this since I can't hook into the posts_where filter from Groups.

Future

• More?

The plugin runs fine with a lot of users but when other plugins hook into the user capabilities with queries the load time can still be affected heavily.

The options/features below should fix this:

1. Limit user query to a max of 100 results. This can be changed with the filter: view_admin_as_user_query_limit
2. When there are more users than the limit (default: 100), switch to AJAX search instead of loading all users.
3. Option to disable the user view type UI. It is then still possible to switch from the user lists page. #84

Log:

Run tests on a blog with a LOT of users

• 100+ works good! Hardly noticeable
• 500+ works good! Hardly noticeable
• 5000+ @planetahuevo reported errors using membership plugins.

https://make.wordpress.org/core/2017/05/22/multisite-focused-changes-in-4-8/

Remove the anchor tag before reloading

• Enable FIXME (no config)
• Enable & Configure Duplication
• Enable & Configure PHP Code Sniffer
  • Create separate config file like phpmd? (No support on CC, only local)
• Enable PHP Mess Detector
  • Configure PHP Mess Detector: master/tests/phpmd.xml
  • dev/tests/phpmd.xml
    • Is NPath complexity of 200 too low?
      • Suppress docs added where needed
    • Is Cyclomatic complexity of 10 too low?
      • Suppress docs added where needed
• Enable CSSLint
  • Configure CSSLint: dev/tests/.csslintrc << not supported, config done in dev/.codeclimate.yml)
    • Disable !important error (I need it for admin bar changes)
• Enable ESLint (dev)
  • Configure ESLint dev/tests/.eslintrc
    • Yoda! :)
    • Is Cyclomatic complexity of 6 too low? (yes >> 12 is ok)
    • allow semicolon at the beginning (inline comment fix)

Add view options at network pages when view_admin_as_superior_admins filter is used

Disabled for v1.6.2.

Check if there is something to do to fix reloading and capabilities. Currentlt when you switch to a different view in the customizer is reloads the regular page (non-customizer) in the iFrame or it shows a not-allowed page.

EDIT:
Fixed for v1.7.6

Can be handy with a large number of users (customers in a webshop for example)

• Add links (no JS)
• Redirect to dashboard

• Option to change the label of a role. (v1.7.1)
• Maybe also option to change the slug? (for non-default roles)
  • Would be a shortcut to clone a role and remove the "old" role.
  • Should also update users with that role to the new role.

Plugin: https://nl.wordpress.org/plugins/wp-admin-ui-customize/
See: https://wordpress.org/support/topic/something-went-wrong-please-try-again/
Report:
Unable to switch back to default view

See: WAUC/#1 & WAUC/#2

• Enable/Disable meta keys
• Add new meta keys (non-default meta keys should also be removable)

https://wordpress.org/plugins/advanced-access-manager/screenshots/

• Basic (free) functions seem to work with latest dev (#29)
• Pro functions?

Prevent non-vaa users to move metaboxes when this setting is enabled

https://wordpress.org/plugins/restrict-user-access/

Branche: Currently only local dev
Related: intoxstudio/restrict-user-access#8

Status/Tests:
Only access level view:

• Admin capabilities
• Frontend: restrict posttype
• Frontend: restrict menu item
• Frontend: shortcodes

Access level view in combination with a role view

• Admin capabilities
• Frontend: restrict posttype
• Frontend: restrict menu item
• Frontend: shortcodes

When a role or capability view is selected the current user is still the same. So if any plugins only validate a is_super_admin() check instead of current_user_can() these checks would return true.

Not 100% sure but I'd say that when a view is selected, is_super_admin() should return false.

• Maybe make it optional??
• Only disable on non-network admin pages

Tests:
This effectively disables functions grant_super_admin() and revoke_super_admin() since it sets/changes the $super_admins global variable. So when you switch to another super admin (as a superior admin) adding other users to the super admin list should not work.

When defaults are applied to roles and these roles are removed the defaults still exists.
I'd like to keep it this way so the user can add the roles again and keep the defaults.
But, I'll add them to the clear roles list so the user can remove them.