=== Mikesoft TeamVault ===
Contributors: thestreamcode
Tags: documents, secure, collaboration, privacy, file-manager
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 8.0
Stable tag: 2.0.9
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Private document workspace for WordPress teams with protected storage, controlled access, previews, ZIP export, and drag-and-drop uploads.

== Description ==

Mikesoft TeamVault adds a private document workspace inside the WordPress admin for teams, agencies, partners, and back-office operations that need controlled access to shared files.

Instead of exposing documents through normal Media Library URLs, TeamVault keeps files in protected storage and delivers access through authenticated WordPress workflows.

TeamVault is a strong fit for:

* internal company document areas
* agency-to-client document sharing managed from WordPress admin
* partner or vendor file exchanges that should stay private
* operational archives that must stay separate from the public Media Library

What you can do with TeamVault:

* Upload files with drag and drop
* Organize documents in folders
* Rename, move, preview, download, and delete files from one interface
* Export a folder or the full library as ZIP
* Track uploads, downloads, moves, and deletions in the activity log

Why use TeamVault instead of the Media Library?

* It creates a dedicated private workspace for documents that should not mix with public website assets.
* It adds capability-based access control with an optional per-user whitelist.
* It keeps storage, maintenance, and export workflows focused on private documents instead of general media management.

Privacy and access control:

* Files are stored outside the normal Media Library workflow
* Access is controlled by the `manage_private_documents` capability, which allows full workspace actions including upload, download, export, rename, move, and delete
* Settings, activity logs, whitelist management, and maintenance tools require administrator-level `manage_options` access
* Optional whitelist mode adds a second authorization layer for selected users
* Cleanup and reindex tools help recover from migrations with missing binaries

Key features:

* Private document storage separated from the Media Library workflow
* Capability-based access control with optional per-user whitelist mode
* Folder create, rename, move, and delete operations
* Drag-and-drop uploads with upload validation
* Inline preview for supported files, including PDFs
* ZIP export for folders or the full library
* Activity logging for uploads, downloads, moves, and deletions
* Maintenance tools for orphan cleanup and storage reindex
* Storage widget focused on the space used by TeamVault files
* English interface with optional Italian translation

== Installation ==

1. Upload the `mikesoft-teamvault` folder to `/wp-content/plugins/`, or install it from the WordPress plugin screen.
2. Activate the plugin.
3. Open `TeamVault > Settings`.
4. Review the allowed file types and access settings.
5. Create folders and start uploading private documents.

== Frequently Asked Questions ==

= Are the files really private? =

TeamVault is designed to keep files private by storing them outside the normal Media Library workflow and restricting access through authenticated WordPress workflows. Protection still depends on the server environment and the storage rules generated by the plugin.

= Is TeamVault a replacement for the Media Library? =

No. TeamVault is designed for private operational documents that should stay separate from the public Media Library and normal website assets.

= Who can access TeamVault by default? =

New activations grant the `manage_private_documents` capability to Administrators only. You can enable whitelist mode to limit workspace access to selected users.

Sites upgraded from older releases should review existing role capabilities and whitelist settings if Editors previously had TeamVault access.

= Are file URLs public? =

TeamVault is designed to avoid normal public Media Library URLs by routing access through authenticated WordPress workflows. The exact storage protection still depends on the server environment and the generated storage rules.

Apache/LiteSpeed can enforce the generated `.htaccess`, IIS can enforce `web.config`, and Nginx requires an equivalent deny rule for `/wp-content/uploads/private-documents/`. For high-sensitivity deployments, use a custom storage path outside the public webroot.
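
An Nginx deny rule for that directory, as an added example that is not shipped with the plugin. It assumes the default storage path named above, WordPress served from the site root, and placement inside the site's `server { }` block.

```nginx
# Added example (assumption: default TeamVault storage path, WordPress at /).

# Weak form: a plain prefix location. nginx still evaluates regex locations
# after selecting it, so a block such as
#     location ~* \.(pdf|jpg|png)$ { expires 30d; }
# (common in static-asset caching snippets) would win and serve the file.
#
# location /wp-content/uploads/private-documents/ {
#     deny all;
# }

# Hardened form: the ^~ modifier makes this prefix match final, so no regex
# location (static-asset caching, \.php$ handlers) can take over requests
# under the private storage directory.
location ^~ /wp-content/uploads/private-documents/ {
    deny all;   # every direct request is answered with 403
}
```

After `nginx -t` and a reload, request the direct URL of a known stored file without a WordPress session and confirm the response is 403, while downloads from the TeamVault admin screen still work.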

= Can non-admin users access TeamVault? =

Yes, if they have the required capability and, when whitelist mode is enabled, they are explicitly allowed in the plugin settings.

= Can I change the storage directory? =

The plugin supports a custom writable storage path set through code or configuration, but the standard admin workflow is built around the default private storage location.

= What happens if I migrate the database but not the private files? =

The database records can remain visible even if the original binaries are missing. TeamVault includes cleanup and reindex maintenance tools for these recovery scenarios.

= Does the plugin support PDF preview? =

Yes. Inline PDF preview can be enabled or disabled in the settings.

= What does the storage widget show? =

The sidebar widget shows only the space used by TeamVault files. On many shared hosting platforms, PHP cannot reliably read the account quota shown by the hosting panel, so the plugin avoids showing misleading total or available values.

= What happens on uninstall? =

By default, TeamVault keeps its data for safety. You can enable full data removal before uninstall if you want the plugin to delete its files, folders, logs, and settings.

== Screenshots ==

1. TeamVault file manager with folder navigation, private file cards, upload/export controls, and the file details panel.

== Changelog ==

= 2.0.9 =
* Fixed file moves so local private-storage files remain available on disk after being moved between TeamVault folders.
* Added regression coverage for filesystem adapters that report a move without leaving the file in the destination.

= 2.0.8 =
* Security hardening for uninstall data removal so storage cleanup stays inside the TeamVault storage root and does not follow symlinks.
* Security hardening for upload validation so SVG remains blocked even if custom extension filters try to re-enable it.
* Documentation update confirming that WordPress.org listing translations are handled through translate.wordpress.org.

= 2.0.7 =
* Improved file browser refresh reliability in local and proxy-backed environments.
* Improved oversized upload feedback before the browser sends files that exceed effective PHP limits.
* Split REST permission callbacks into clearer read, write, and delete guards.
* Hardened ZIP export temporary file handling.
* Updated the in-plugin admin logo color to TeamVault blue.

= 2.0.5 =
* Fixed immediate visibility for newly uploaded files and newly created folders.
* Fixed persistent storage notice dismissal and JavaScript listener accumulation.
* Hardened download and preview streams before response headers are sent.
* Fixed user search autocomplete escaping and REST parameter sanitization.

= 2.0.3 =
* Hardened private storage boundary checks and symlink traversal protection.
* Added safer storage reindex validation and clearer administrator storage notices.
* Changed new activations so only Administrators receive TeamVault document access by default.
* Improved activity log IP handling by relying on the direct server address.

= 2.0.0 =
* Major security and reliability release with stricter administrator-only controls for settings, logs, maintenance, whitelist management, and uninstall data controls.
* Reduced user data exposure in user search responses.
* Improved large-file handling for uploads, downloads, previews, and ZIP exports.
* Added regression coverage for administrator-only controls and user search privacy.

For the full release history, see `changelog.txt` in the plugin package.

== Upgrade Notice ==

= 2.0.9 =

Recommended reliability update. Fixes moved files becoming unavailable on some local and filesystem-adapter-backed environments.

= 2.0.8 =

Recommended security hardening update. Strengthens uninstall cleanup boundaries and keeps SVG uploads blocked even when extension filters are customized.

= 2.0.7 =

Recommended maintenance update for local and proxy-backed environments. Improves immediate file list refresh after file/folder changes, oversized upload feedback, and ZIP export handling.

= 2.0.5 =

Recommended security and reliability update. Fixes UI refresh after upload/folder creation, persistent notice dismissal, JS listener leaks, and several PHP correctness issues.

= 2.0.3 =

Security hardening update. Review role capabilities and whitelist settings if Editors previously had TeamVault access.

= 2.0.0 =

Major security and reliability update. Recommended for all installations that use delegated document access or large private file transfers.
