=== Highland Software Custom Role Manager ===
Contributors: jgrodgers
Tags: user roles, role manager, capabilities, permissions, user management
Requires at least: 5.4
Tested up to: 6.9
Stable tag: 1.0.2
Requires PHP: 7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Manage multiple user roles, create custom roles, and control capabilities with an intuitive role builder.

== Description ==

Highland Software Custom Role Manager extends WordPress role management by allowing administrators to create custom roles, assign multiple roles to users, and manage capabilities through an intuitive interface.

This plugin follows WordPress best practices for role and capability management, including strict server-side validation and protection against unsafe capability assignment.

Version 1.0.2 introduces a logging system for tracking role and capability changes, along with improvements to role loading and synchronization.

== Features ==

* Create and manage unlimited custom roles
* Assign multiple roles to a single user
* Group roles for better organization
* Drag-and-drop role ordering
* Capability management with toggle interface
* Role and capability change logging (audit trail)
* Protection against unsafe capability assignment
* Replace the default role dropdown with a checkbox-based interface

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to "HS Roles" in the admin menu
4. Configure roles and capabilities

== Frequently Asked Questions ==

= Can users have multiple roles? =
Yes, users can be assigned multiple roles using a checkbox interface.

= Are default roles modified? =
No. Default WordPress roles are protected and cannot be modified.

= Is the administrator role protected? =
Yes, sensitive capabilities such as `manage_options` are restricted.

= Will this plugin affect existing users? =
No. Existing users retain their roles unless explicitly changed.

= What does the logging system track? =
The plugin logs role and capability changes, including who made the change and when it occurred.

== Screenshots ==

1. Role builder interface
2. Capability management UI
3. User role assignment interface
4. Grouped roles display

== Changelog ==

= 1.0.2 =
* Feature: Added logging system for role and capability changes (audit trail).
* Improvement: Logs include user, action, and context for better traceability.
* Fix: Resolved issue where existing custom roles were not displayed on load.
* Improvement: Enhanced role synchronization to correctly merge stored configuration with WordPress roles.

= 1.0.1 =
* Security: Fixed a privilege escalation vulnerability in role assignment logic.
* Security: Enforced strict server-side capability checks for role modifications.
* Security: Prevented assignment of restricted capabilities such as `manage_options`.
* Security: Hardened AJAX endpoints with capability and nonce validation.
* Hardening: Improved role validation and synchronization logic.
* Hardening: Added rate limiting to AJAX endpoints.
* Props: Thanks to 0xherc1337 and Steven Stern (sterndata) for responsibly reporting the issue.

= 1.0.0 =
* Initial release
* Multi-role assignment
* Role grouping and ordering
* Capability management system

== Upgrade Notice ==

= 1.0.2 =
Adds logging for role and capability changes and fixes an issue where existing custom roles were not displayed. Recommended update.

= 1.0.1 =
Security update: fixes a role management vulnerability. All users are strongly encouraged to update immediately.

= 1.0.0 =
Initial release.