[wp-trac] [WordPress Trac] #32085: Less ambiguous dashboard access. Suggested new capability: access_dashboard

Thu Apr 23 19:15:13 UTC 2015

#32085: Less ambiguous dashboard access. Suggested new capability: access_dashboard
----------------------------+-----------------------------
 Reporter:  archonic        |      Owner:
     Type:  enhancement     |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  General         |    Version:  4.1.2
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 Wordpress makes the assumption that the theme (or some plugin) may not
 provide a place for users to edit their profile, and lets any registered
 user access the dashboard to do so. It's a decent assumption to make.
 While it creates a jarring "did I just leave the site?" experience, you
 can't assume the theme or some plugin will accommodate updating profiles.

 There are a host of other plugins that rely and build upon this
 assumption. Vendor Products (a paid Woocommerce extension) assumes users
 of any role have access to the dashboard, to let users identified as
 vendor admins (by its own means) manage products. There's an LMS which
 makes the same assumption to let teachers manage quizzes and such. I'm
 sure many other plugins make that same assumption.

 I recently discovered that WooCommerce relies upon the `edit_posts`
 capability to determine if a user should be able to access the dashboard
 vs getting redirected to "my account". This keeps customers on the front-
 end, which is valuable, but breaks a host of other plugins which assume
 any registered user can access the dashboard.

 Overuse of the `edit_posts` capability to determine some level of admin
 access is a different discussion (worth having!), but it seems obvious to
 me that a new capability should be introduced to specifically target
 accessing the dashboard. This is certainly a Woocommerce issue, but I feel
 an `access_dashboard` capability would remove the ambiguity around...
 well, accessing the dashboard.

 This would also let WP admins have refined control over letting their
 users access the dashboard vs staying on the front-end. Buddypress for
 example provides a front-end profile editing template. Under Buddypress
 settings, there could be a checkbox for allowing users to access the
 dashboard. Unchecking it would keep subscribers on the front-end.
 WooCommerce also provides front-end account management and could have the
 same approach. Users without these plugins could also just use a plugin
 like User Role Editor to remove the `access_dashboard` capability from
 subscribers to keep users on their front-end, or achieve the same result
 with 4 lines in their functions.php.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32085>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform