Fixes to Permissions

Author: otrok7

admin/class-bread-admin.php

@@ -248,9 +248,6 @@ function pwsix_process_settings_export()
         if (!isset($_POST['pwsix_export_nonce']) || ! wp_verify_nonce($_POST['pwsix_export_nonce'], 'pwsix_export_nonce')) {
             return;
         }
-        if (! current_user_can('manage_bread')) {  // TODO: Is this necessary? Why not let the user make a copy
-            return;
-        }
         $this->download_settings_inner();
     }
     function download_settings()
@@ -317,13 +314,13 @@ function exportLogFile($file)
     }
     function current_user_can_modify()
     {
-        if (! current_user_can('manage_bread')) {
-            return false;
-        }
         $user = wp_get_current_user();
         if (in_array('administrator', $user->roles)) {
             return true;
         }
+        if (! current_user_can('manage_bread')) {
+            return false;
+        }
         $authors_safe = $this->bread->getOption('authors');
         if (!is_array($authors_safe) || empty($authors_safe)) {
             return true;
@@ -335,10 +332,17 @@ function current_user_can_modify()
     }
     function current_user_can_create()
     {
-        if (! current_user_can('manage_bread')) {
-            return false;
+        $user = wp_get_current_user();
+        if (in_array('administrator', $user->roles)) {
+            return true;
+        }
+        if (current_user_can('manage_options')) {
+            return true;
+        }
+        if (current_user_can('manage_bread')) {
+            return true;
         }
-        return true;
+        return false;
     }
     /**
      * Process a settings import from a json file
@@ -348,7 +352,7 @@ function pwsix_process_settings_import()
         if (empty($_REQUEST['pwsix_import_nonce']) || !wp_verify_nonce($_REQUEST['pwsix_import_nonce'], 'pwsix_import_nonce')) {
             return;
         }
-        if (! current_user_can('manage_bread')) {
+        if (! $this->current_user_can_modify()) {
             return;
         }
         $this->bread->getConfigurationForSettingId($this->bread->getRequestedSetting());
@@ -376,7 +380,7 @@ function pwsix_process_settings_import()
         update_option($this->bread->getOptionsName(), $this->bread->getOptions());
         setcookie('current-meeting-list', $this->bread->getRequestedSetting(), time() + 10);
         setcookie('bread_import_file', $import_file, time() + 10);
-        wp_safe_redirect(admin_url('?page=class-bread-admin.php'));
+        wp_safe_redirect(admin_url('?page=bmlt-enabled-bread'));
     }
     function my_theme_add_editor_styles()
     {
@@ -433,11 +437,15 @@ function admin_submenu_link($parent_slug)
         activate_bread();
         $this->bmltEnabled_admin->createMenu();
 
+        $cap = 'manage_options';
+        if (!current_user_can($cap)) {
+            $cap = 'manage_bread';
+        }
         $this->hook = add_submenu_page(
             $parent_slug,
             'Printable Meeting Lists',
             'Printable Meeting Lists',
-            'manage_bread',
+            $cap,
             'bmlt-enabled-bread',
             array(&$this, 'admin_options_page'),
             2

bmlt-meeting-list.php

@@ -11,7 +11,7 @@
  * Plugin Name:       Bread
  * Plugin URI:        https://bmlt.app
  * Description:       Maintains and generates PDF Meeting Lists from BMLT.
- * Version:           2.9.6
+ * Version:           2.9.7
  * Author:            bmlt-enabled
  * Author URI:        https://bmlt.app/
  * License:           GPL-2.0+

readme.txt

@@ -5,7 +5,7 @@ Tags: meeting list, bmlt, narcotics anonymous, na
 Requires PHP: 8.1
 Requires at least: 6.2
 Tested up to: 6.8
-Stable tag: 2.9.6
+Stable tag: 2.9.7
 
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -55,6 +55,9 @@ Follow all these steps, keep in mind that once you start using bread, it's not g
 
 == Changelog ==
 
+= 2.9.7 =
+* Bug fixes to permission stuff.
+
 = 2.9.6 =
 * Farsi Translation
 * Replaced deprecated "chosen" with "select2"