=== Mikesoft TeamVault ===
Contributors: thestreamcode
Tags: documents, secure, collaboration, privacy, file-manager
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 8.0
Stable tag: 2.0.8
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Private document workspace for WordPress teams with protected storage, controlled access, previews, ZIP export, and drag-and-drop uploads.

== Description ==

Mikesoft TeamVault adds a private document workspace inside the WordPress admin for teams, agencies, partners, and back-office operations that need controlled access to shared files.

Instead of exposing documents through normal Media Library URLs, TeamVault keeps files in protected storage and delivers access through authenticated WordPress workflows.

TeamVault is a strong fit for:

* internal company document areas
* agency-to-client document sharing managed from WordPress admin
* partner or vendor file exchanges that should stay private
* operational archives that must stay separate from the public Media Library

What you can do with TeamVault:

* Upload files with drag and drop
* Organize documents in folders
* Rename, move, preview, download, and delete files from one interface
* Export a folder or the full library as ZIP
* Track uploads, downloads, moves, and deletions in the activity log

Why use TeamVault instead of the Media Library?

* It creates a dedicated private workspace for documents that should not mix with public website assets.
* It adds capability-based access control with an optional per-user whitelist.
* It keeps storage, maintenance, and export workflows focused on private documents instead of general media management.

Privacy and access control:

* Files are stored outside the normal Media Library workflow
* Access is controlled by the `manage_private_documents` capability, which allows full workspace actions including upload, download, export, rename, move, and delete
* Settings, activity logs, whitelist management, and maintenance tools require administrator-level `manage_options` access
* Optional whitelist mode adds a second authorization layer for selected users
* Cleanup and reindex tools help recover from migrations with missing binaries

Key features:

* Private document storage separated from the Media Library workflow
* Capability-based access control with optional per-user whitelist mode
* Folder create, rename, move, and delete operations
* Drag-and-drop uploads with upload validation
* Inline preview for supported files, including PDFs
* ZIP export for folders or the full library
* Activity logging for uploads, downloads, moves, and deletions
* Maintenance tools for orphan cleanup and storage reindex
* Storage widget focused on the space used by TeamVault files
* English interface with optional Italian translation

== Installation ==

1. Upload the `mikesoft-teamvault` folder to `/wp-content/plugins/`, or install it from the WordPress plugin screen.
2. Activate the plugin.
3. Open `TeamVault > Settings`.
4. Review the allowed file types and access settings.
5. Create folders and start uploading private documents.

== Frequently Asked Questions ==

= Are the files really private? =

TeamVault is designed to keep files private by storing them outside the normal Media Library workflow and restricting access through authenticated WordPress workflows. Protection still depends on the server environment and the storage rules generated by the plugin.

= Is TeamVault a replacement for the Media Library? =

No. TeamVault is designed for private operational documents that should stay separate from the public Media Library and normal website assets.

= Who can access TeamVault by default? =

New activations grant the `manage_private_documents` capability to Administrators only. You can enable whitelist mode to limit workspace access to selected users.

Sites upgraded from older releases should review existing role capabilities and whitelist settings if Editors previously had TeamVault access.

= Are file URLs public? =

TeamVault is designed to avoid normal public Media Library URLs by routing access through authenticated WordPress workflows. The exact storage protection still depends on the server environment and the generated storage rules.

Apache/LiteSpeed can enforce the generated `.htaccess`, IIS can enforce `web.config`, and Nginx requires an equivalent deny rule for `/wp-content/uploads/private-documents/`. For high-sensitivity deployments, use a custom storage path outside the public webroot.

= Can non-admin users access TeamVault? =

Yes, if they have the required capability and, when whitelist mode is enabled, they are explicitly allowed in the plugin settings.

= Can I change the storage directory? =

The plugin supports a custom writable storage path at code/configuration level, but the standard admin workflow is built around the default private storage location.

= What happens if I migrate the database but not the private files? =

The database records can remain visible even if the original binaries are missing. TeamVault includes cleanup and reindex maintenance tools for these recovery scenarios.

= Does the plugin support PDF preview? =

Yes. Inline PDF preview can be enabled or disabled in the settings.

= What does the storage widget show? =

The sidebar widget shows only the space used by TeamVault files. On many shared hosting platforms, PHP cannot reliably read the account quota shown by the hosting panel, so the plugin avoids showing misleading total or available values.

= What happens on uninstall? =

By default, TeamVault keeps its data for safety. You can enable full data removal before uninstall if you want the plugin to delete its files, folders, logs, and settings.

== Screenshots ==

1. TeamVault file manager with folder navigation, private file cards, upload/export controls, and the file details panel.

== Changelog ==

= 2.0.8 =
* Hardened uninstall data removal so recursive storage cleanup refuses paths outside the storage root and does not follow symlinks.
* Hardened upload validation so SVG remains blocked even if another extension filter tries to re-add it.
* Confirmed WordPress.org listing translations should be handled through translate.wordpress.org instead of shipping locale-specific readme files.

= 2.0.7 =
* Fixed stale file browser refresh behavior in local and proxy-backed environments by adding cache-busting to TeamVault browser/search requests.
* Disabled HTTP caching on browser/search REST responses so file and folder changes are visible immediately after create, upload, rename, move, and delete actions.
* Improved client-side upload size validation so it also respects the effective PHP upload and post limits before sending oversized files.
* Split REST permission callbacks into explicit read, write, and delete guards while preserving the current capability model.
* Hardened ZIP export temporary file generation and readability checks.
* Updated the in-plugin admin logo color to TeamVault blue.

= 2.0.6 =
* Fixed file list not refreshing immediately after delete file, delete folder, rename file, rename folder, and move file operations.
* Disabled HTTP caching for browser/search REST responses so local environments show changes immediately.
* Fixed ZIP export temporary file collisions and readability checks.

= 2.0.5 =
* Fixed new files and folders not appearing immediately after upload or folder creation.
* Fixed storage security notice reappearing on every page load with no way to dismiss it.
* Fixed JavaScript event listener accumulation on context menu and folder tree toggle.
* Fixed concurrent navigation requests corrupting the file list with stale data.
* Hardened download and preview streams: readable check before headers, MIME type sanitized against response splitting.
* Fixed several PHP correctness issues: wp_mkdir_p return value, finfo resource leak, tmp_name path handling, strtotime false guard.
* Fixed XSS vector in user search autocomplete via unescaped username attribute.
* Added sanitize_callback to REST API string parameters for WordPress.org compliance.

= 2.0.4 =
* Improved the upload error message when a file exceeds the size limit so it now shows the file name, its actual size, and the configured maximum.
* Added a client-side size check before upload so users get immediate feedback without waiting for a server round-trip.

= 2.0.3 =
* Hardened TeamVault filesystem boundary checks and rejected symlink traversal inside private storage operations.
* Added safer reindex validation so unsafe or disallowed files are skipped and reported.
* Switched activity log IP capture to the direct server address instead of spoofable forwarding headers.
* Added an administrator storage notice when the private document path is inside the public uploads tree.
* Changed new activations so only Administrators receive TeamVault document access by default.

= 2.0.2 =
* Fixed TeamVault REST requests on sites that use plain permalinks instead of pretty permalinks.
* Improved upload feedback when PHP rejects an oversized request before a file reaches TeamVault validation.

= 2.0.1 =
* Added the TeamVault file manager screenshot to the WordPress.org listing and GitHub documentation.
* Completed Italian interface translation coverage and removed stale translation entries.
* Fixed the move-file validation message shown when a file is already in the destination folder.

= 2.0.0 =
* Major security and reliability release for stricter administrator-only controls.
* Settings, activity logs, whitelist management, maintenance tools, and uninstall data controls now require administrator-level access.
* Reduced user data exposure by removing email search and email fields from the user search REST response.
* Improved large-file handling for uploads, downloads, previews, and ZIP exports while keeping Plugin Checker compatibility annotations in place.
* Added regression coverage for administrator-only controls and user search privacy.

= 1.3.6 =
* Restricted TeamVault settings, activity logs, whitelist management, and maintenance tools to administrator-level access.
* Reduced user search exposure by removing email search and email data from the REST response.
* Improved large-file handling by streaming uploads, downloads, previews, and ZIP exports in chunks instead of loading full files into memory.
* Added regression coverage for administrator-only controls and user search privacy.

= 1.1.35 =
* Improved the WordPress.org plugin page copy with clearer positioning, use cases, and privacy messaging.
* Expanded FAQs to better explain private access, Media Library differences, and user access control.

= 1.1.34 =
* Simplified the storage widget to show only the space used by TeamVault files.
* Fixed TeamVault storage totals so they are calculated from the registered files that still exist on disk.
* Persisted the detected on-disk file size during upload so new records stay aligned with the physical file size.

= 1.1.33 =
* Clarified storage usage in the sidebar with separate TeamVault, available, and total capacity metrics.
* Fixed TeamVault storage totals so they reflect the real filesystem size of stored files.

= 1.1.32 =
* Clarified release metadata and WordPress.org asset documentation for the latest maintenance release.

= 1.1.31 =
* Improved whitelist input handling for safer user access settings processing.

= 1.1.30 =
* Fixed whitelist user selection visibility in settings.
* Fixed persistence of selected whitelist users.

= 1.1.29 =
* Added TeamVault branding in the admin interface.

For the full release history, see `changelog.txt` in the plugin package.

== Upgrade Notice ==

= 2.0.8 =

Recommended security hardening update. Strengthens uninstall cleanup boundaries and keeps SVG uploads blocked even if extension filters are customized.

= 2.0.7 =

Recommended maintenance update for local and proxy-backed environments. Improves immediate file list refresh after file/folder changes, oversized upload feedback, and ZIP export handling.

= 2.0.6 =

Recommended bugfix update. Fixes the file list not refreshing automatically after delete, rename, and move operations.
Also improves local refresh behavior after create/upload and hardens ZIP export temporary file handling.

= 2.0.5 =

Recommended security and reliability update. Fixes UI refresh after upload/folder creation, persistent notice dismissal, JS listener leaks, and several PHP correctness issues.

= 2.0.3 =

Security hardening update. Review role capabilities and whitelist settings if Editors previously had TeamVault access.

= 2.0.2 =

Recommended maintenance update for sites using plain permalinks and for clearer oversized upload errors.

= 2.0.1 =

Recommended maintenance update for complete Italian interface coverage, clearer file move messaging, and updated plugin screenshots.

= 2.0.0 =

Major security and reliability update. Recommended for all installations that use delegated document access or large private file transfers.

= 1.3.6 =

Recommended security and reliability update for stricter admin-only settings access, reduced user data exposure, and safer large-file streaming.

= 1.1.35 =

Recommended update for a clearer and more professional WordPress.org plugin page presentation.

= 1.1.34 =

Recommended update for more accurate TeamVault usage totals and less misleading storage information on shared hosting.

= 1.1.33 =

Recommended update for clearer storage reporting and more accurate TeamVault usage totals.

= 1.1.32 =

Maintenance release that aligns version metadata and WordPress.org asset documentation.

= 1.1.31 =

Recommended maintenance update for safer whitelist settings handling.

= 1.1.30 =

Recommended bugfix update for whitelist selection and persistence.
