Merge branch 'release/2.3.0'

Author: danieliser

CHANGELOG.md

@@ -10,6 +10,7 @@
 namespace ContentControl\Controllers;
 
 use ContentControl\Base\Controller;
+use ContentControl\Controllers\Compatibility\BetterDocs;
 use ContentControl\Controllers\Compatibility\Divi;
 use ContentControl\Controllers\Compatibility\Elementor;
 use ContentControl\Controllers\Compatibility\QueryMonitor;
@@ -31,6 +32,7 @@ class Compatibility extends Controller {
 	 */
 	public function init() {
 		$this->container->register_controllers( [
+			'Compatibility\BetterDocs'        => new BetterDocs( $this->container ),
 			'Compatibility\Divi'              => new Divi( $this->container ),
 			'Compatibility\Elementor'         => new Elementor( $this->container ),
 			'Compatibility\QueryMonitor'      => new QueryMonitor( $this->container ),

classes/Controllers/Compatibility.php

@@ -0,0 +1,75 @@
+<?php
+/**
+ * BetterDocs controller class.
+ *
+ * @package ContentControl
+ */
+
+namespace ContentControl\Controllers\Compatibility;
+
+use ContentControl\Base\Controller;
+
+/**
+ * BetterDocs controller class.
+ */
+class BetterDocs extends Controller {
+
+	/**
+	 * Initiate hooks & filter.
+	 *
+	 * @return void
+	 */
+	public function init() {
+		add_action( 'content_control/get_rest_api_intent', [ $this, 'get_rest_api_intent' ], 10 );
+	}
+
+	/**
+	 * Get intent for BetterDocs.
+	 *
+	 * @param array<string,mixed> $intent Intent.
+	 *
+	 * @return array<string,mixed>
+	 */
+	public function get_rest_api_intent( $intent ) {
+		global $wp;
+		
+
+		if ( ! defined( 'BETTERDOCS_PLUGIN_FILE' ) ) {
+			return $intent;
+		}
+
+		$rest_route     = $wp->query_vars['rest_route'];
+		$endpoint_parts = explode( '/', str_replace( '/wp/v2/', '', $rest_route ) );
+
+		// Set the custom search intent.
+		if ( isset( $wp->query_vars['search'] ) ) {
+			$intent['search'] = sanitize_title( $wp->query_vars['search'] );
+		}
+
+		if ( 'unknown' === $intent['type'] && 'docs' === $intent['name'] ) {
+			// If we have a post type or taxonomy, the name is the first part (posts, categories).
+			$post_type = sanitize_key( $endpoint_parts[0] );
+
+			if ( 'docs' === $post_type ) {
+				$intent['type'] = 'post_type';
+			}
+		}
+
+		// phpcs:disable WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_REQUEST['post_type'] ) ) {
+			$post_type = sanitize_text_field( wp_unslash( $_REQUEST['post_type'] ) );
+
+			// Check if any ct_forced_* request aregs are set. If so we should use the post type intent.
+			if ( strpos( $post_type, 'ct_forced_' ) !== false ) {
+				$intent['type'] = 'post_type';
+
+				$post_type = str_replace( 'ct_forced_', '', $post_type );
+
+				$intent['name'] = explode( ':', $post_type );
+			}
+		}
+		// phpcs:enable WordPress.Security.NonceVerification.Recommended
+
+		return $intent;
+	}
+}

classes/Controllers/Compatibility/BetterDocs.php

@@ -1,6 +1,6 @@
 {
 	"name": "code-atlantic/content-control",
-	"version": "2.2.8",
+	"version": "2.3.0",
 	"type": "wordpress-plugin",
 	"license": "GPL-2.0-or-later",
 	"minimum-stability": "dev",

composer.json

@@ -3,7 +3,7 @@
  * Plugin Name: Content Control
  * Plugin URI: https://contentcontrolplugin.com/?utm_campaign=plugin-info&utm_source=php-file-header&utm_medium=plugin-ui&utm_content=plugin-uri
  * Description: Restrict content to logged in/out users or specific user roles. Restrict access to certain parts of a page/post. Control the visibility of widgets.
- * Version: 2.2.8
+ * Version: 2.3.0
  * Author: Code Atlantic
  * Author URI: https://code-atlantic.com/?utm_campaign=plugin-info&utm_source=php-file-header&utm_medium=plugin-ui&utm_content=author-uri
  * Donate link: https://code-atlantic.com/donate/?utm_campaign=donations&utm_source=php-file-header&utm_medium=plugin-ui&utm_content=donate-link
@@ -30,7 +30,7 @@ function get_plugin_config() {
 	return [
 		'name'          => \__( 'Content Control', 'content-control' ),
 		'slug'          => 'content-control',
-		'version'       => '2.2.8',
+		'version'       => '2.3.0',
 		'option_prefix' => 'content_control',
 		// Maybe remove this and simply prefix `name` with `'Popup Maker'`.
 		'text_domain'   => 'content-control',

composer.lock

@@ -334,42 +334,82 @@ function check_referrer_is_admin() {
 }
 
 /**
- * Check if protection methods should be disabled.
- *
- * Generally used to bypass protections when using page editors.
+ * Check if request is excluded.
  *
  * @return bool
  *
- * @since 2.0.0
+ * @since 2.3.0
  */
-function protection_is_disabled() {
-	$is_disabled = false;
+function request_is_excluded() {
+	static $is_excluded;
 
-	if (
-		// Disable protection when user is excluded.
-		( user_is_excluded() ) ||
-
-		// Check if doing cron.
-		( defined( 'DOING_CRON' ) && DOING_CRON ) ||
+	if ( isset( $is_excluded ) ) {
+		return $is_excluded;
+	}
 
-		// Check if doing ADMIN AJAX from valid admin referrer.
-		( defined( 'DOING_AJAX' ) && DOING_AJAX && check_referrer_is_admin() ) ||
+	$is_excluded = false;
 
-		// Check if doing REST API from valid admin referrer.
-		( is_rest() && check_referrer_is_admin() ) ||
+	if (
+		// Check if doing cron.
+		is_cron()
 
 		// If this is rest request and not core wp namespace.
-		( is_rest() && ! is_wp_core_rest_namespace() ) ||
-
-		// Disable protection when viewing post previews.
-		( is_preview() && current_user_can( 'edit_post', get_the_ID() ) ) ||
+		// || ( is_rest() && ! is_wp_core_rest_namespace() ).
 
 		// Disable protection when not on the frontend.
-		( ! is_frontend() && ! is_rest() )
+		// || ( ! is_frontend() && ! is_rest() ).
 	) {
-		$is_disabled = true;
+		$is_excluded = true;
 	}
 
+	return $is_excluded;
+}
+
+/**
+ * Check if the request is for a priveleged user in the admin area.
+ *
+ * @return bool
+ *
+ * @since 2.3.0
+ */
+function request_for_user_is_excluded() {
+	// Check if user has permission to manage settings and is on the admin area.
+	if ( user_is_excludable() ) {
+		if (
+			// Is in the admin area.
+			is_admin() ||
+			// Is an ajax request from the admin area.
+			(
+				( is_ajax() || is_rest() ) &&
+				check_referrer_is_admin()
+			)
+		) {
+			return true;
+		}
+	}
+
+	$post_id = get_the_ID();
+
+	// Disable protection when viewing post previews or editing a post.
+	if ( ( $post_id > 0 || is_preview() ) && current_user_can( 'edit_post', $post_id ) ) {
+		return true;
+	}
+
+	return false;
+}
+
+/**
+ * Check if protection methods should be disabled.
+ *
+ * Generally used to bypass protections when using page editors.
+ *
+ * @return bool
+ *
+ * @since 2.0.0
+ */
+function protection_is_disabled() {
+	$is_disabled = user_is_excluded() || request_is_excluded() || request_for_user_is_excluded();
+
 	/**
 	 * Filter whether protection is disabled.
 	 *

content-control.php

@@ -400,5 +400,5 @@ function get_rest_api_intent() {
 		$intent = $result;
 	}
 
-	return $intent;
+	return apply_filters( 'content_control/get_rest_api_intent', $intent );
 }

inc/functions/developers.php

@@ -33,13 +33,22 @@ function admins_are_excluded() {
 	return get_data_version( 'settings' ) > 1 && plugin()->get_option( 'excludeAdmins' );
 }
 
+/**
+ * Current user is excluded from restrictions.
+ *
+ * @return bool True if user is excluded, false if not.
+ */
+function user_is_excludable() {
+	return \current_user_can( plugin()->get_permission( 'manage_settings' ) );
+}
+
 /**
  * Current user is excluded from restrictions.
  *
  * @return bool True if user is excluded, false if not.
  */
 function user_is_excluded() {
-	return admins_are_excluded() && \current_user_can( plugin()->get_permission( 'manage_settings' ) );
+	return admins_are_excluded() && user_is_excludable();
 }
 
 /**