[Plugin: WP Sentry] Not limiting access in several cases

WP Version 2.8.5. Yes, I know I need to upgrade.
WP Sentry 0.8c

Great Plugin Pete!

Found a quirk (and a workaround) I wanted to report. I hope it’s really an issue and not operator error, although I do acknowledge the possibility exists.

Using some custom page templates in my theme, and had a need to do a category listing and an archive listing. I tried using get_posts() and wp_get_archives to accomplish my needs and in both cases I found that the results would list a private post that the user should not have had access to. When the post link was clicked on, the user was met with “not found” so the plugin did block access to the actual post, but the title still showed up using the various methods to get such post listings.

Here’s a workaround I came up with for a category specific listing that is properly controlled by WP Sentry. Hope it helps someone. Feedback welcome!

[code]
<?php

$current_user = wp_get_current_user();
$current_user_id = $current_user->ID;

$args = array( 'numberposts' => -1, 'category' => 6, 'post_status' => 'published', 'private' );

$query = get_posts($args);

foreach( $query as $post ) : setup_postdata($post);
if ($WP_SENTRY->user_is_allowed($current_user_id, $post->ID))
{
echo '<span class="date">';
the_time('m.j.y');
echo '</span><h3 class="post-title"><a href="';
the_permalink();
echo '" rel="bookmark" title="Permanent Link to ';
the_title();
echo '">';
the_title();
echo '</h3>';
echo '
';
}
endforeach;

}

?>
[/code]

Perhaps not pretty, but it works. The key is the use of

[code]
if ($WP_SENTRY->user_is_allowed($current_user_id, $post->ID))
[/code]