From 2d30c14e7224beaec6234e11f716bb9bc07c73de Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Tue, 18 Nov 2025 11:41:18 +0300
Subject: [PATCH 1/6] Fix. Settings. 2FA users roles setting fixed.

---
 inc/spbc-settings.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php
index f2cc8846d..9b9c95cad 100644
--- a/inc/spbc-settings.php
+++ b/inc/spbc-settings.php
@@ -1950,7 +1950,7 @@ function spbc_field_2fa__roles()
     global $spbc, $wp_roles;
 
     $wp_roles = new WP_Roles();
-    $roles    = $wp_roles->get_names();
+    $roles    = $wp_roles->roles;
 
     echo '<div class="spbc_wrapper_field spbc_sub_setting">';
 
@@ -1969,10 +1969,12 @@ function spbc_field_2fa__roles()
          . ' size="' . (count($roles) - 1 < 6 ? count($roles) - 1 : 5) . '"'
          . '>';
 
-    foreach ($roles as $role) {
+    foreach ($roles as $role_slug => $role_details) {
+        $role_name = isset($role_details['name']) ? $role_details['name'] : esc_html__('Unknown', 'security-malware-firewall');
         echo '<option'
-             . (in_array($role, (array) $spbc->settings['2fa__roles']) ? ' selected="selected"' : '')
-             . '>' . $role . '</option>';
+             . (in_array($role_slug, (array) $spbc->settings['2fa__roles']) ? ' selected="selected"' : '')
+             . ' value="' . $role_slug . '"'
+             . '>' . $role_name . '</option>';
     }
 
     echo '</select>';

From 5bb7bc684221e3f42b7852ee06b5aa575f73efa9 Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Tue, 18 Nov 2025 11:43:12 +0300
Subject: [PATCH 2/6] Fix. Tools. Checking users roles fixed.

---
 inc/spbc-tools.php | 25 +------------------------
 1 file changed, 1 insertion(+), 24 deletions(-)

diff --git a/inc/spbc-tools.php b/inc/spbc-tools.php
index 6aa2d437e..70f23f539 100644
--- a/inc/spbc-tools.php
+++ b/inc/spbc-tools.php
@@ -247,8 +247,7 @@ function spbc_is_user_role_in($roles, $user = false)
     }
 
     foreach ((array) $roles as $role) {
-        $role_slug = spbc_get_role_slug_by_role_name($role);
-        if (isset($user->caps[$role_slug]) || in_array($role_slug, $user->roles)) {
+        if (isset($user->caps[strtolower($role)]) || in_array(strtolower($role), $user->roles)) {
             return true;
         }
     }
@@ -256,28 +255,6 @@ function spbc_is_user_role_in($roles, $user = false)
     return false;
 }
 
-/**
- * @param string $role_name
- *
- * @return string
- */
-function spbc_get_role_slug_by_role_name($role_name)
-{
-    $wp_roles = new WP_Roles();
-    $role_slug = '';
-
-    if ( ! is_array($wp_roles->roles) ) {
-        return $role_slug;
-    }
-
-    foreach ( $wp_roles->roles as $role_slug => $role_details ) {
-        if ( isset($role_details['name']) && $role_details['name'] === $role_name ) {
-            return $role_slug;
-        }
-    }
-    return $role_slug;
-}
-
 /**
  * Does ey has correct symbols? Checks against regexp ^[a-z\d]{3,30}$
  *

From 1e2aacef05f92280f992d1d358efc67836225f9a Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Tue, 18 Nov 2025 12:00:32 +0300
Subject: [PATCH 3/6] Fix. Updater. 2FA roles setting updated.

---
 lib/CleantalkSP/Updater/UpdaterScripts.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/CleantalkSP/Updater/UpdaterScripts.php b/lib/CleantalkSP/Updater/UpdaterScripts.php
index ce2e75c0d..90d099c72 100644
--- a/lib/CleantalkSP/Updater/UpdaterScripts.php
+++ b/lib/CleantalkSP/Updater/UpdaterScripts.php
@@ -1531,4 +1531,25 @@ public static function updateTo_2_166_1() // phpcs:ignore PSR1.Methods.CamelCaps
 
         $spbc->save('settings');
     }
+
+    public static function updateTo_2_168_0() // phpcs:ignore PSR1.Methods.CamelCapsMethodName.NotCamelCaps
+    {
+        global $spbc;
+
+        $old_2fa_roles = $spbc->settings['2fa_roles'];
+        $wp_roles = new \WP_Roles();
+
+        $new_2fa_roles = [];
+        foreach ($old_2fa_roles as $role_display_name) {
+            foreach ($wp_roles->roles as $role_key => $role_data) {
+                if ($role_data['name'] === $role_display_name) {
+                    $new_2fa_roles[] = $role_key;
+                    break;
+                }
+            }
+        }
+
+        $spbc->settings['2fa_roles'] = $new_2fa_roles;
+        $spbc->save('settings');
+    }
 }

From cc36642b215b829c2598f403b2255cc56c8af153 Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Tue, 18 Nov 2025 12:26:49 +0300
Subject: [PATCH 4/6] Upd. Dashboard widget. Show widget for roles filtered by
 hook.

---
 inc/spbc-admin.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
index 5ac151b28..25cc262c0 100644
--- a/inc/spbc-admin.php
+++ b/inc/spbc-admin.php
@@ -1022,7 +1022,16 @@ function spbc_dashboard_statistics_widget()
         $actual_plugin_name = $spbc->data['wl_brandname'];
     }
 
-    if ( current_user_can('activate_plugins') ) {
+    /**
+     * Hook. List of allowed user roles for the Dashboard widget.
+     * add_filter('spbct_hook_dashboard_widget_allowed_roles_list', function($roles_list) {
+     *  $roles_list[] = 'editor';
+     *  return $roles_list;
+     * });
+     */
+    $roles_list = apply_filters('spbct_hook_dashboard_widget_allowed_roles_list', array('administrator'));
+
+    if ( is_array($roles_list) && spbc_is_user_role_in($roles_list) ) {
         wp_add_dashboard_widget(
             'spbc_dashboard_statistics_widget',
             $actual_plugin_name,

From 8d139c735b10f61692f2acdf43b04978c8843769 Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Tue, 18 Nov 2025 12:32:54 +0300
Subject: [PATCH 5/6] Fix. Dashboard widget. Sensitive data show for admins
 only.

---
 inc/spbc-admin.php | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
index 25cc262c0..5e8329744 100644
--- a/inc/spbc-admin.php
+++ b/inc/spbc-admin.php
@@ -1060,25 +1060,27 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
     <div class='spbc_widget_top_links'>
         <img src="<?php echo Escape::escUrl(SPBC_PATH . '/images/preloader.gif'); ?>" class='spbc_preloader'>
         <?php
-
         if ($spbc->data['display_scanner_warnings']['critical'] > 0) {
             echo (spbc__get_accordion_tab_info_block_html('critical-for-widget'));
         }
-
-        echo '<div style="display: flex; align-self: end;">';
-        echo sprintf(
-            __("%sRefresh%s", 'security-malware-firewall'),
-            "<a href='#spbc_widget' class='spbc_widget_refresh_link'>",
-            "</a>"
-        ); ?>
-        <?php
-        echo sprintf(
-            __("%sConfigure%s", 'security-malware-firewall'),
-            "<a href='{$spbc->settings_link}' class='spbc_widget_settings_link'>",
-            "</a>"
-        );
-        echo '</div>';
         ?>
+
+        <?php if ( spbc_is_user_role_in(array('administrator')) ) {
+            echo '<div style="display: flex; align-self: end;">';
+
+            echo sprintf(
+                __("%sRefresh%s", 'security-malware-firewall'),
+                "<a href='#spbc_widget' class='spbc_widget_refresh_link'>",
+                "</a>"
+            );
+
+            echo sprintf(
+                    __("%sConfigure%s", 'security-malware-firewall'),
+                    "<a href='{$spbc->settings_link}' class='spbc_widget_settings_link'>",
+                    "</a>"
+            );
+            echo '</div>';
+        } ?>
     </div>
     <form id='spbc_refresh_form' method='POST' action='#spbc_widget'>
         <input type='hidden' name='spbc_brief_refresh' value='1'>
@@ -1116,7 +1118,7 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
                 "<u>{$spbc->brief_data['error']}</u>"
             )
             . '</h2>';
-        if ( $spbc->user_token && ! $spbc->white_label ) {
+        if ( spbc_is_user_role_in(array('administrator')) && $spbc->user_token && ! $spbc->white_label ) {
             echo '<h2 class="spbc_widget_activate_header">'
                 . __('Please, visit your Dashboard.', 'security-malware-firewall')
                 . '</h2>'
@@ -1160,7 +1162,7 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
                 } ?>
             </table>
             <?php
-            if ( $spbc->user_token && ! $spbc->data["wl_mode_enabled"] ) { ?>
+            if ( spbc_is_user_role_in(array('administrator')) && $spbc->user_token && ! $spbc->data["wl_mode_enabled"] ) { ?>
                 <a target='_blank' href='https://cleantalk.org/my?user_token=<?php
                 echo Escape::escHtml($spbc->user_token); ?>&cp_mode=security'>
                     <input class='spbc_widget_button' id='spbc_widget_button_view_all' type='button' value='View all'>

From f49d5a039f50684bac7aee7cb295813f53a4aa9e Mon Sep 17 00:00:00 2001
From: Glomberg <bazz@bk.ru>
Date: Thu, 20 Nov 2025 11:39:55 +0300
Subject: [PATCH 6/6] Fix. Dashboard widget. Widget layout for non-admin fixed.

---
 inc/spbc-admin.php | 79 ++++++++++++++++++++++++----------------------
 1 file changed, 41 insertions(+), 38 deletions(-)

diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
index 5e8329744..d03f2a52c 100644
--- a/inc/spbc-admin.php
+++ b/inc/spbc-admin.php
@@ -1007,7 +1007,6 @@ function spbc_admin__change_plugin_description($all_plugins)
     return $all_plugins;
 }
 
-
 /**
  * Add the statistics widget to the dashboard.
  * @return void
@@ -1060,31 +1059,35 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
     <div class='spbc_widget_top_links'>
         <img src="<?php echo Escape::escUrl(SPBC_PATH . '/images/preloader.gif'); ?>" class='spbc_preloader'>
         <?php
-        if ($spbc->data['display_scanner_warnings']['critical'] > 0) {
+        if ( spbc_is_user_role_in(array('administrator')) && $spbc->data['display_scanner_warnings']['critical'] > 0 ) {
             echo (spbc__get_accordion_tab_info_block_html('critical-for-widget'));
         }
         ?>
 
-        <?php if ( spbc_is_user_role_in(array('administrator')) ) {
+        <?php
             echo '<div style="display: flex; align-self: end;">';
-
             echo sprintf(
                 __("%sRefresh%s", 'security-malware-firewall'),
                 "<a href='#spbc_widget' class='spbc_widget_refresh_link'>",
                 "</a>"
             );
+        ?>
+        <form id='spbc_refresh_form' method='POST' action='#spbc_widget'>
+            <input type='hidden' name='spbc_brief_refresh' value='1'>
+        </form>
 
+        <?php if ( spbc_is_user_role_in(array('administrator')) ) {
             echo sprintf(
                     __("%sConfigure%s", 'security-malware-firewall'),
                     "<a href='{$spbc->settings_link}' class='spbc_widget_settings_link'>",
                     "</a>"
             );
-            echo '</div>';
         } ?>
+        <?php
+            echo '</div>';
+        ?>
     </div>
-    <form id='spbc_refresh_form' method='POST' action='#spbc_widget'>
-        <input type='hidden' name='spbc_brief_refresh' value='1'>
-    </form>
+
     <h4 class='spbc_widget_block_header' style='margin-left: 12px;'><?php
         _e('7 days Security FireWall and Bruteforce stats', 'security-malware-firewall'); ?></h4>
     <div class='spbc_widget_block spbc_widget_chart_wrapper'>
@@ -1174,37 +1177,37 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
         <?php
     }
     // Notice at the bottom
-    if ( isset($current_user) && in_array('administrator', $current_user->roles) ) {
-        $brief_data_total_count = $spbc->data['brief_data']['total_count'];
-        if ( !empty($brief_data_total_count) && $brief_data_total_count > 0 ) {
-            echo '<div class="spbc_widget_wprapper_total_blocked">'
-                . ($spbc->data["wl_mode_enabled"] ? '' : '<img src="' . SPBC_PATH . '/images/logo_small.png" class="spbc_widget_small_logo"/>')
-                . '<span title="'
-                . sprintf(
-                /* translators: %s: Number of spam messages */
-                    __(
-                        '%s%s%s has blocked %s attacks for all time. The statistics are automatically updated every 24 hours.',
-                        'security-malware-firewall'
-                    ),
-                    ! $spbc->data["wl_mode_enabled"] ? '<a href="https://cleantalk.org/my/?user_token=' . $spbc->user_token . '&utm_source=wp-backend&utm_medium=dashboard_widget&cp_mode=spbc" target="_blank">' : '',
-                    $actual_plugin_name,
-                    ! $spbc->data["wl_mode_enabled"] ? '</a>' : '',
-                    '<b>' . number_format($brief_data_total_count, 0, ',', ' ') . '</b>'
-                )
-                . '</span>'
-                . (! $spbc->white_label && ! $spbc->data["wl_mode_enabled"]
-                    ? '<br><br>'
-                    . '<b style="font-size: 16px;">'
-                    . sprintf(
-                        __('Do you like CleanTalk? %sPost your feedback here%s.', 'security-malware-firewall'),
-                        '<u><a href="https://wordpress.org/support/plugin/security-malware-firewall/reviews/#new-post" target="_blank">',
-                        '</a></u>'
-                    )
-                    . '</b>'
-                    : ''
-                )
-                . '</div>';
+    $brief_data_total_count = $spbc->data['brief_data']['total_count'];
+    if ( ! empty($brief_data_total_count) && $brief_data_total_count > 0 ) {
+        $plugin_name = $actual_plugin_name;
+        if ( spbc_is_user_role_in(array('administrator')) && ! $spbc->data["wl_mode_enabled"] ) {
+            $plugin_name =
+                '<a href="https://cleantalk.org/my/?user_token=' . $spbc->user_token . '&utm_source=wp-backend&utm_medium=dashboard_widget&cp_mode=spbc" target="_blank">'
+                . $actual_plugin_name
+                . '</a>';
         }
+        $cp_total_stats =
+              ($spbc->data["wl_mode_enabled"] ? '' : '<img src="' . SPBC_PATH . '/images/logo_small.png" class="spbc_widget_small_logo"/>')
+              . '<span>'
+              . sprintf(
+                      __('%s has blocked %s attacks for all time. The statistics are automatically updated every 24 hours.', 'security-malware-firewall'),
+                      $plugin_name,
+                      '<b>' . number_format($brief_data_total_count, 0, ',', ' ') . '</b>'
+              )
+              . '</span>';
+        echo '<div class="spbc_widget_wprapper_total_blocked">'
+             . $cp_total_stats
+             . (! $spbc->white_label && ! $spbc->data["wl_mode_enabled"]
+                 ? '<br><br>'
+                      . '<b style="font-size: 16px;">'
+                      . sprintf(
+                              __('Do you like CleanTalk? %sPost your feedback here%s.', 'security-malware-firewall'),
+                              '<u><a href="https://wordpress.org/support/plugin/security-malware-firewall/reviews/#new-post" target="_blank">',
+                              '</a></u>'
+                      )
+                      . '</b>'
+                 : '')
+        . '</div>';
     }
     echo '</div>';
 }