| User | Post |
9:02 pm December 16, 2008
| metal450
Member
| posts 178 |
I may be mistaken, but it appears to me that pages which I've explicitly restricted become PUBLICLY VISIBLE when the Role Scoper plugin is disabled. Is this true?
With Disclose-Secret (the plugin I'm trying to replace), disabling the plugin causes all posts with any type of restriction to be hidden completely - which is ideal, because there's no chance of even momentarily exposing my private information to the world (when, for example, disabling all plugins to upgrade WP, or for any other reason)…
|
|
|
9:38 am December 18, 2008
| Kevin
Admin
| posts 2503 |
You're right - Disclose Secret automatically stored the post status as private whenever you set a restriction, and Role Scoper does not.
Of course, you are free to manually set a private status and still make the post readable to any users you choose. In the documentation, I recommend this for extra security whenever restrictions are set directly on an individual post/page. However, I decided not to force the private status manually for the following reasons:
- Some users may choose to distinguish between "private" and "restricted" posts. For example, the Hidden Content Teaser can be configured such that uncredentialed users receive a teaser for restricted posts/pages, while private posts/pages are hidden completely. Also, the separate "Post Reader" and "Private Post Reader" category roles can be used to distinguish access.
- Role Scoper provides many different restriction methods (category restrictions, direct-assigned post/page restrictions, default post/page restrictions). Refreshing the stored status of each individual post/page each time any restriction is changed would be too cumbersome for programmer and server alike.
- To enable non-Author or even Subscribers to edit/publish specified content, Role Scoper does a lot of tricky filtering on post save. Early attempts to impose a private status tended to undermine other status-related filtering, causing problems with editing access.
|
|
|
10:02 am December 18, 2008
| metal450
Member
| posts 178 |
Gotcha… thanks for the explanation!
|
|
|
2:27 am January 5, 2009
| metal450
Member
| posts 178 |
Just a recommendation: since it seems ideal not to *automatically* set posts to "Private" via the plugin, I'd highly recommend implementing some sort of warning/notice when a post is saved as restricted by Role Scoper but not private via WordPress. Several times already I've written private posts, setting the RoleScoper permissions but forgetting to click "Private" - realizing it some time later when I disable RoleScoper to test something and notice that the embarrassing content was momentarily public!
Similarly, it might be a good idea to auto-check "Restrict for Post" if the user selects some user/group in the post permissions, as they're more than likely intending to restrict access to a post - and the result of forgetting to CHECK is much more dangerous/exposing than forgetting to UNCHECK.
|
|
|
8:09 pm January 5, 2009
| Kevin
Admin
| posts 2503 |
Thanks. Those are good points and I'll give some thought on how to best implement your suggestions.