[wp-hackers] Managing User Levels and Capabilities

Danny Dawson quasistoic at gmail.com
Tue Jul 6 20:52:42 UTC 2004 

Owen,

The conversation I was referencing was a discussion of Scott's
"Per-Post User Level Restrictions" hack, which I was testing at the
time.

"This modification allows blog authors to assign a minimum user level
required to view each post. The default value is zero (retroactively
applied to all existing posts), which means anyone can see the post.
By choosing the post level on the admin post or edit screen, the
author can limit who sees what."

http://www.skippy.net/blog/2004/05/23/per-post-user-level-restrictions/

On Tue, 6 Jul 2004 08:57:30 -0400, Owen Winkler
<ringmaster at midnightcircus.com> wrote:
> > While Scott's suggestion would provide a temporary solution
> > for me, I agree with Owen that a true ACL-style user auth
> > system would be far more preferable.  Any suggestions?
> 
> Here's my thought:
> 
> One of the issues currently with implementing an ACL-style system is
> that there isn't a list of possible permissions.
> 
> Perhaps centralizing the control of permissions would help this a bit.
> Instead of querying a user level at each point of the security process
> ("Can I upload?: $user_level > X"), we could centralize the permissions
> based on security monikers (permission_ok('upload')).  The code that
> returned whether a specific permission was allowed or not could be
> exactly the same as now (using $user_level), but the permissions would
> be centralized into a single function.  Net effect: No change.
> 
> However- This function would also provide a plugin hook.
> (do_action('get_permission', $reqested_permission);)
> 
> Unfortuntely, this system doesn't do much for restricting access to
> certain posts, since (as far as I know) there is no way to use the
> existing user levels to restrict posts for three separate user groups
> (guests, family, friends).
> 
> And while I'm brainstorming, a way to do this easily (depending on your
> definition of "easily") would be to restrict access based on category.
> In the category editor, an option might include setting a required
> access level to see posts from that category.  There's got to be a
> better way.
> 
> 
> 
> Owen
> 
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> 


-- 
--Danny Dawson

More information about the hackers mailing list