- added WP Users restrictions by UM Roles settings;

- added new extensions to the list;

README.md

@@ -41,7 +41,7 @@ Support requests in issues on this repository will be closed on sight.
 GNU Version 2 or Any Later Version
 
 ## Releases
-[Official Release Version: 2.1.7](https://github.com/ultimatemember/ultimatemember/releases/tag/2.1.7).
+[Official Release Version: 2.1.8](https://github.com/ultimatemember/ultimatemember/releases/tag/2.1.8).
 
 ## Changelog
 [ From v1.0.0 to latest version ](https://wordpress.org/plugins/ultimate-member/changelog/).

includes/admin/core/class-admin-builder.php

@@ -1066,6 +1066,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
 
 				case 'um_admin_review_registration':
 					//$user_id = $arg1;
+
+					if ( ! current_user_can( 'administrator' ) ) {
+						if ( ! um_can_view_profile( $arg1 ) ) {
+							$output = '';
+							break;
+						}
+					}
+
 					um_fetch_user( $arg1 );
 
 					UM()->user()->preview = true;

includes/admin/core/class-admin-users.php

@@ -26,6 +26,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 
 			add_filter( 'user_row_actions', array( &$this, 'user_row_actions' ), 10, 2 );
 
+			add_filter( 'user_has_cap', array( &$this, 'map_caps_by_role' ), 10, 4 );
+
+			add_filter( 'users_list_table_query_args', array( &$this, 'hide_by_caps' ), 1, 1 );
+
 			add_filter( 'pre_user_query', array( &$this, 'sort_by_newest' ) );
 
 			add_filter( 'pre_user_query', array( &$this, 'filter_users_by_status' ) );
@@ -38,6 +42,41 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 		}
 
 
+		/**
+		 * Restrict the edit/delete users via wp-admin screen by the UM role capabilities
+		 *
+		 * @param $allcaps
+		 * @param $cap
+		 * @param $args
+		 * @param $user
+		 *
+		 * @return mixed
+		 */
+		function map_caps_by_role( $allcaps, $cap, $args, $user ) {
+			if ( isset( $cap[0] ) && $cap[0] == 'edit_users' ) {
+				if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'edit_user' ) {
+					if ( ! UM()->roles()->um_current_user_can( 'edit', $args[2] ) ) {
+						$allcaps[ $cap[0] ] = false;
+					}
+				}
+			} elseif ( isset( $cap[0] ) && $cap[0] == 'delete_users' ) {
+				if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'delete_user' ) {
+					if ( ! UM()->roles()->um_current_user_can( 'delete', $args[2] ) ) {
+						$allcaps[ $cap[0] ] = false;
+					}
+				}
+			} elseif ( isset( $cap[0] ) && $cap[0] == 'list_users' ) {
+				if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'list_users' ) {
+					if ( ! um_user( 'can_view_all' ) ) {
+						$allcaps[ $cap[0] ] = false;
+					}
+				}
+			}
+
+			return $allcaps;
+		}
+
+
 		/**
 		 * Does an action to user asap
 		 *
@@ -200,13 +239,21 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 		function user_row_actions( $actions, $user_object ) {
 			$user_id = $user_object->ID;
 
-
+			$actions['frontend_profile'] = '<a href="' . um_user_profile_url( $user_id ) . '">' . __( 'View profile', 'ultimate-member' ) . '</a>';
-			$actions['frontend_profile'] = "<a class='' href='" . um_user_profile_url( $user_id ) . "'>" . __( 'View profile', 'ultimate-member' ) . "</a>";
 
 			$submitted = get_user_meta( $user_id, 'submitted', true );
-			if ( ! empty( $submitted ) )
+			if ( ! empty( $submitted ) ) {
 				$actions['view_info'] = '<a href="javascript:void(0);" data-modal="UM_preview_registration" data-modal-size="smaller" 
 				data-dynamic-content="um_admin_review_registration" data-arg1="' . esc_attr( $user_id ) . '" data-arg2="edit_registration">' . __( 'Info', 'ultimate-member' ) . '</a>';
+			}
+
+			if ( ! current_user_can( 'administrator' ) ) {
+				if ( ! um_can_view_profile( $user_id ) ) {
+					unset( $actions['frontend_profile'] );
+					unset( $actions['view_info'] );
+					unset( $actions['view'] );
+				}
+			}
 
 			/**
 			 * UM hook
@@ -235,6 +282,24 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 		}
 
 
+		/**
+		 * Change default sorting at WP Users list table
+		 *
+		 * @param array $args
+		 * @return array
+		 */
+		function hide_by_caps( $args ) {
+			if ( ! current_user_can( 'administrator' ) ) {
+				$can_view_roles = um_user( 'can_view_roles' );
+				if ( um_user( 'can_view_all' ) && ! empty( $can_view_roles ) ) {
+					$args['role__in'] = $can_view_roles;
+				}
+			}
+
+			return $args;
+		}
+
+
 		/**
 		 * Change default sorting at WP Users list table
 		 *
@@ -363,6 +428,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 				$views[ $key ] = $view;
 			}
 
+			// hide filters with not accessible roles
+			if ( ! current_user_can( 'administrator' ) ) {
+				$wp_roles = wp_roles();
+				$can_view_roles = um_user( 'can_view_roles' );
+				if ( ! empty( $can_view_roles ) ) {
+					foreach ( $wp_roles->get_names() as $this_role => $name ) {
+						if ( ! in_array( $this_role, $can_view_roles ) ) {
+							unset( $views[ $this_role ] );
+						}
+					}
+				}
+			}
+
 			return $views;
 		}
 

includes/admin/templates/extensions.php

@@ -134,6 +134,18 @@ $premium['user-locations'] = array(
 	'desc' => 'Using the Google Maps API, display users on a map on the member directory page and allow users to add their location via their profile',
 );
 
+$premium['user-notes'] = array(
+	'url' => 'https://ultimatemember.com/extensions/user-notes/',
+	'name' => 'User Notes',
+	'desc' => 'Allow users to create public and private notes from their profile',
+);
+
+$premium['profile-tabs'] = array(
+	'url' => 'https://ultimatemember.com/extensions/profile-tabs/',
+	'name' => 'Profile Tabs',
+	'desc' => 'Add custom tabs to profiles',
+);
+
 $free['jobboardwp'] = array(
 	'url' => 'https://wordpress.org/plugins/um-jobboardwp',
 	'name' => 'JobBoardWP',

readme.txt

@@ -156,12 +156,13 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
 * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
 
-= 2.1.8: September 3, 2020 =
+= 2.1.8: September 1, 2020 =
 
 * Enhancements:
 
   - Added dependency functions for extensions: [Ultimate Member - User Notes](https://ultimatemember.com/extensions/user-notes/) & [Ultimate Member - Profile Tabs](https://ultimatemember.com/extensions/profile-tabs/)
   - Added unique IDs to the form fields at the Profile's view mode
+  - Added restrictions for WP > Users list table based on UM Roles capabilities
 
 * Bugfixes: