User Privledges

  • I like the fact that WP has user levels, however, I feel they are far too lacking. Preset levels make it harder to customize WP into other purposes. If you are using it as a community blog amoungst people you trust, it’s great – but what if it’s a professional site that requires moderation and editing of posts? WP fails here because level 0 *can’t* post, and level 1 can publish regardless.
    I have worked around this myself by hacking level one down to only being able to post articles in a “draft” state, but it was annoying to deal with levels being so inflexible.
    I would really like to see User Privledges instituted. “Levels” then would simply be preset values. Other people have had the same idea, but reccommended using a whole other table, which would be the proper way to do things. You could, of course, simplify by using a tab/space/comma delimitered string of 1’s and 0’s to determine access rights. Either way it is done, it would be handy to then be able to:
    <?php if( user_can('edit-posts', 'lower-users') == true) { display_article(); } ?>
    Regarless of storage means, these are some of the “privledges” that I think should be instituted:
    (* = a feature that doesn’t exist yet)

    • Profile:
    • Can edit profile
    • Can change user name*
    • Articles:
    • Can Add Articles
    • Can Set Article State To
    • Private
    • Draft
    • Publish
    • Can Edit
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Can Change Post Time
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Commenting
    • Can Add Comments
    • Can Edit Comments
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Can Delete Comments
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Can Change Post Time
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Can approve/disapprove comments
  • Upload
    • Can Add Uploads
    • Can Delete Uploads
    • Own
    • Others(lower level)
    • Others(same level)
    • Others(higher level)
    • Categories
    • Can Add Categories
    • Can Delete Categories
    • Can Edit Categories
    • Links
    • Can Edit Links
    • Can Delete Links
    • Can Edit Links
    • Administrative
    • Users
    • Can Add Users
    • Can Delete Users
    • Lower Level
    • Same Level
    • Higher Level
    • Can Edit Users
    • Lower Level
    • Same Level
    • Higher Level
    • Can Promote Users
    • Can Demote Users
  • Can Change Options
  • Can Edit Template

    • So, did I miss anything there?

Viewing 12 replies - 1 through 12 (of 12 total)

  • This could be a useful reference for the future. Thank you!

    This would be a GREAT feature, especially for community blogs. I hope it’s implemented soon

    That would be a step in the right direction. But I really fail to see the flexibility in level at all (as in lower/upper level).
    Can’t we simply have some flags (one flag by function in WP), and the admin assign these flag user by user… ?
    In this scenario, it’s even easier to handle post|categories rights (as in acess/view/edit) management, we simply assign a custom flag for each protected post and/or categories (and the posts within) and give it to the users we want.
    So it would be something like: for the category “PrivateClub”, I give the access flag (can read posts/news/comments) to users #4, #62 and #98; and only these three users (and the admins) can read posts in that category even in the backend. And I may give the write flag (can edit the posts in that category) to user #62, so only him can write posts in that category, and so on.
    Very much like unix rights in fact….
    That would be very, _VERY_ useful.

    WP is a single user blog. It has been pointed out time and again that the user levels as they are now are as you put it “lacking”.
    I wager once WP offers multiblog ability things like “granulated rights” will be high on the DEVs agenda.
    BTW: The “can edit template” option would include being able to inject php? Risky…
    Drupal has granulated access (sort of), pity it’s “taxonomy” is so confusing for many ??
    ihad.

    I would also recommend a category for “View Posts”.
    That way, we can have the ability to restrict posts to users only above a certain level.

    Thread Starter chuyskywalker

    (@chuyskywalker)

    @ ihad
    <cite>WP is a single user blog.</cite>
    Nunh-uh. I see many users and plenty of potential. ??
    <cite>BTW: The “can edit template” option would include being able to inject php? Risky…</cite>
    Risky – yes, of course. That’s why you would only give it to certain users! Just like you do now. I don’t see why you pointed that out.
    <cite>Drupal has granulated access (sort of), pity it’s “taxonomy” is so confusing for many ;)</cite>
    I just finished installing Drupal and going through it. Yes, the taxonomy” thing is very confusing – know any FAQ’s or anything on how to use that part? ??

    Drupal seems very good, but doesn’t work (yet ?) on my target environnement.
    Too bad if WP would stay single user…

    Excellent suggestions in here. Let me add what I would like to see (although it may be repetitive):
    – As it is now, higher levels can edit lower levels, and users on the same level cannot edit each other. It would be cool if several users could collaborate on the same draft.
    – There should be something between draft and publishing, at “ready-to-go” state where posts don’t go live until they have been seen/edited by an admin. This right of semi-publishing could then be assigned to lower levels as well.

    Thread Starter chuyskywalker

    (@chuyskywalker)

    “users on the same level cannot edit each other.”
    Actually, users of the same level *can* edit each others posts. If you log in, then click “view site” and then click on the of “Edit Post” links that now show up on the home page, you can edit anothers posts. This is not protected anywhere except in the “Edit” section of the admin pages.
    – There should be something between draft and publishing, at “ready-to-go” state where posts don’t go live until they have been seen/edited by an admin.
    Generally, I consider “Draft” to be the stage you are talking about. Private would be “im writing it and thinking about it” stage.

    “Actually, users of the same level *can* edit each others posts.”
    Well, they can edit typos once a post has gone live, but if I’m not mistaken, they cannot edit each other’s drafts. Obviously, if you need to publish an article BEFORE you can collaborate on it, that’s not extremely helpful. ??
    *Ouch* you’re completely right about the “private” category, that’s exactly what I wanted. I DID know it’s there, yet I always overlooked it in a way. ??

    Thread Starter chuyskywalker

    (@chuyskywalker)

    Well, they can edit typos once a post has gone live, but if I’m not mistaken, they cannot edit each other’s drafts. Obviously, if you need to publish an article BEFORE you can collaborate on it, that’s not extremely helpful. ??

    Ah, I see what you are after – I am not positive, but I am willing to bet that same level users can edit each others drafts – if you set up a way for them to be linked into the other author’s drafts.
    i.e.: on my site, I have a query set up that any draft made by a lower level user shows up as “Drafts by XXX” on the Edit pages of senior users. You could do something like this and include users of the same level to achive what you want.
    However, for my purposes, allowing same level users to edit each others post will not do. With 80+ authors, I can’t be worried about who’s going to edit what – because “fixing typo’s” is not what they are limited to — entire posts can be re-written by the any same level user, and that would not be ok.
    What I am getting at, primarily though, is that (as in the first post here) the User Levels are very inflexible and assume you run your blog in a very certain way. With something more like User Privledges I could have it set up my way, and you could have it your way, and both of those “Levels” would be “Level 1”. capiche? ??

    hello people,
    i have some question. I?′m running a community blog, but, you know that problem… on priviledges level 1, everyone can edit the articles for users at the same level, what can i do to change that?
    i want that people can change just their own aritcles,
    what file i have to change? which php code i have to write there?
    f-fi

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘User Privledges’ is closed to new replies.