Introducing Role Scoper for WordPress

Intro to WordPress Roles · Role Scoper Description · Acknowledgements · Download · Usage Guide · News

WordPress: Capabilities, Roles and Wish Lists

Whenever you access a WordPress site, the software considers what you are trying to do: read a post, edit a page, manage categories. Most sites allow you to read posts and pages without logging in. Any other operation you may request is permitted only if your user definition (as identified by login name and password) includes a corresponding capability.

For administrative convenience, WordPress bundles capabilities into collections called roles. By default, these roles are:

Subscriber:

  • read published posts and pages

Contributor:

  • all Subscriber capabilities
  • contribute a post (for review by editor), and edit it before publication

Author:

  • all Contributor capabilities
  • contribute a post, publish/unpublish/edit it, and moderate its comments

Editor:

  • all Author capabilities
  • contribute/publish/unpublish/edit any user’s post
  • contribute or edit any page
  • manage all categories and moderate any comment
  • read posts and pages which are marked “private”

Administrator:

  • all Editor capabilities
  • define users and assign them roles
  • configure all site options

This role configuration works well for WordPress’ conventional application as a single-user blog. But what if you want someone to contribute their own pages without editing other’s post or pages? Or maybe some users should edit other’s posts without being able to edit pages at all. The current solution is to use an existing plugin like Role Manager to either redefine “Editor”, or create a cloned “Special Editor” role, moving existing Editors to it as needed. As plugins come on board with additional capabilities, the role permutations increase. This one-role-per-user paradigm makes for simple source code and queries, but as a site shifts from single-user blog to multi-user CMS, role creation / editing is inconvenient for both developer and site administrator.

If you manage to successfully define and assign custom roles for your WordPress CMS, soon you will wonder how to grant reading or editing capabilities for multiple subsets of posts or pages. On your WordPress-powered high school news site, how can you enable someone to post only to the “Sports” category? On your corporate intranet site, can you conveniently enable members of HR to edit existing and future personnel policy pages (but not the engineering best practices pages)? Can you enable someone to create a new page, but specify a subset of “parent” pages it can be linked to? Can all these content-specific roles be administered on a sectional basis, or must someone edit/administer the whole site or nothing?

By default, WordPress doesn’t have a good answer to those CMS dreams, regardless of any custom roles you may define.

Some past and current WordPress plugins (Limit Categories, Category Visibility, Post Levels, Restrict Pages, Disclose Secret, WP-Group-Restriction) have dealt with pieces of this permissions puzzle. Using them, I appreciated a multitude of useful features. Yet as I tried and tried again to combine and configure this plugin assortment to meet all my WordPress CMS aspirations, there was always a missing piece.

Enter Role Scoper

Role Scoper is a comprehensive enrichment for capability enforcement and administration in WordPress. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.

Role Selection Boxes in Edit Post / Page Form (note: for basic usage, this is all you need to deal with):

screen shot: Role Assignment Tabs in Edit Post

screen shot: Role Assignment Tabs in Edit Page

Optionally, define User Groups for subsequent Role Assignment:

screen shot: Edit User Group

Each User’s WordPress role is honored by default, but can be:

  • supplemented with content-specific role assignments
  • disregarded if the role is restricted for the requested content
Scoped Roles in User Profile

screen shot: Scoped Roles in User Profile

Set Category Restrictions to block reading/editing access for users who have a specified WordPress role but no corresponding Role Scoper role (note, post/page restrictions also available):

Assign Category Roles to expand reading or editing access:

^ click to examine Category Roles User Interface (sample html)

Scoped role restrictions and assignments are reflected in every aspect of the WordPress interface, from front end content and navigation to administrative post and comment totals.

Additional features:

  • Propagation of Roles or Restrictions to subcategories / child pages
  • Default Restrictions, Default Roles and Default Groups automate admin tasks
  • Hidden Content Teaser: choose whether unreadable front-end content is hidden or replaced with a customizable teaser
  • Role Administration Aides: Post/Page role assignment UI indicates where users have a role implicitly via WP role, category role or group membership.  (Made possible by a new role storage schema and users_who_can function).
  • Pending Revisions enable Contributors to edit a published post/page, with the change held for review by an administrator update: Pending Revisions are now handled by the Revisionary plugin.
  • Internal File Cache limits Role Scoper’s database query overhead
  • Attachment Filtering prevents direct file access to your uploaded images/documents if the user can’t view the containing post/page
  • Plugin API allows other plugins to define their own data sources, taxonomies, capabilities and content-specific roles
  • User Customization of Role Definitions (add or remove applicable capabilities for each content-specific role)

Although Role Scoper’s default configuration is ideal for most sites, its functionality and sphere of influence is highly customizable to match your usage.

^ click to examine Role Scoper Options User Interface (sample html)

Due to its abstract data model and API, Role Scoper can be extended to bring content-specific access control to other plugins which define and check WordPress capabilities.  The resulting plugin-specific roles will supplement any other assigned roles; there is no need to merge all capabilities into an all-inclusive role.

Role Scoper has been a stable release since March 2009, with over 200,000 downloads. This plugin is open source software released under the General Public License (GPL). Due to limitations, obligations and non-technical aspirations common to most human beings, I will probably never again donate unpaid plugin development on the scale Role Scoper has required. However, I do plan to provide some free support, correct bugs which emerge and revise the plugin for future WordPress versions. If it adds value to your website or saves you time and money, you can express appreciation in several ways:

427 Comments

  1. Pingback: mijn nieuwste favorieten van Friday, 23 May 2008

  2. Kevin

    Chris,

    Since that error doesn’t happen for every post edit attempt, can you say a little more about the configuration and steps that led to it?

    Was this a new or existing post? Private, published or draft? Were you logged in as admin? If not, what WP blog role did the logged user have? Did any of the stored or selected post categories have role(s) marked as exclusive? If so did the logged user have any of those section role(s) assigned? Did the post have any roles marked exclusive? Any object role assignments for the logged user?

  3. Chris Masse

    I did just enable the plugin without parametering it.
    -
    That error was not shown to me (the admin) but to one of my co-author.
    -
    It was a draft.
    He was an author.
    As I said, the plugin was enabled but I did touch the options.
    -
    Thanks
    Chris Masse

  4. Stefano, Wordpressmania.it

    Awesome plugin…

    but let’s say that I want to give to all the users who have the ‘Author’ role the ability to edit one and only one specific page, and no access to write/edit posts, links, category, etc…

    How can I achieve this result with your plugin?

  5. Damiano

    I was receiving an error (unexpected endif statement on line 239 in admin/groups.php) whenever I tried to access the Groups page. The error was caused by a missing closing brace for the IF statement on line 175. I solved it by replacing the opening brace with a “:”, and then adding “endif;” on line 192.

  6. Damiano

    To correct my previous comment: the error wasn’t caused by a missing brace (it is there, with an accompanying comment, on line 233), but by the fact that line 232 started with a short-style PHP tag. Having the support for short-style PHP tags turned off, I was receiving the error above. The fix was, simply, to use the standard PHP tag (“<?php” instead of “<?”).

  7. Kevin

    Damiano,

    I wonder if you have a bad download. My copy of groups.php does have a closing brace for that IF statement. In fact, the closing brace on line 233 is followed by a comment matching it to the if statement you mention.

    I’m glad you were able to work around that error, but modifying groups.php as you describe creates an error for me. If it still looks like that workaround is necessary on your installation, please mail me a copy of your file so I can look into it further.

  8. Kevin

    Joe,

    Thanks for that jovial introduction. Your excited discovery reminds me of why I undertook this project in the first place.

    The Role Manager question does now qualify as an FAQ, and I plan to put together such a document soon. Until then, the following is a short answer (longer explanation here):

    Role Scoper will coexist with Role Manager by
    * defining additional, supplemental roles (including blog-wide)
    * filtering the application of “regular” WP blog roles for certain content

    I chose not to go all the way and provide WP blog role definition and assignment because I don’t know where the WP core role storage schema is headed and prefer to treat it as a black box at this point.

  9. Kevin

    Stefano,

    You can do that (enable Authors to edit one page and nothing else) as follows:

    * Install the Role Manager plugin and use it to remove the “edit_posts” capability from the Author role. Can also remove all other caps except “read” if you want.

    * While logged in as admin and with Role Scoper activated, edit the page you want Authors to edit.

    * Expand the “Editor” dialog. Click on “Groups” and select “[WP Author]”

    * Save the page

    Prior to the new revision, these authors could still get into the “Write Post” / “Write Page”, but could not save anything as published. Now they won’t even see the “Write” menu link.

  10. Ken

    This looks like a great plugin, exactly what I needed!

    I understand how to do what you told Stefano to do, but I want to also allow users in a certain group to add new pages, but force them to make the parent page one of the other pages that they own. Your writeup says that that should be possible, but I can’t see how to do it. If I enable publish pages for the role, then they can publish pages anywhere, but if I don’t they can’t publish pages anywhere.

  11. Kevin

    I looked into this and found some bugs preventing it from working the way you expected. New version download and full description here.

    You should have Role Manager remove the publish_pages cap for your users’ WP Role, then follow the instructions in the link above.

  12. zack

    The plugin is excellent. Thanks for doing this!

    Quick question: what’s the best way to redirect a user without access? Right now, when someone tries to access a protected page, WordPress spits out the 404 page. I’d like to redirect to something more useful. Can this be done within Role Scoper or is this a WordPress hack?

  13. Kevin

    Zack, if your concern is only for a specific site, I would look into a theme hack. You should be able to add some code the 404.php which gets the requested page ID, checks for its existence with something like

    if ( $post_exists = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE ID = $requested_id" )
          echo 'Sorry, you do not have permission to view this page';
    else
          echo 'Normal 404 message';
    

    Since Role Scoper is running interference farther upstream at the DB query construction, I’m not sure I want to take any more error messaging than what is already available with the teaser option.

  14. Pingback: Role Scoper plugin for Wordpress - The Home of Tom & Morven - tombammann.homedns.org has permanently become tombammann.org

  15. Richard

    Thanks for a very comprehensive addition to the permission and role system. The documentation is quite involved and I simple want to ask this question: Can I make some category(s) accessible to registered users (subscribers) and admins only?

    TIA.

  16. Kevin

    Sure.

    Define Exclusive Categories

    • Go to WP admin >Roles > Exclusive Sections
    • For each category of concern, click the “Post Reader” and “Private Post Reader” checkbox
    • click the Update button

    Assign Category Roles

    • Go to Groups > Section Roles
    • Select WP Role group(s) to assign category roles to
    • For each category this user group gets, click the “Post Reader” and/or “Private Post Reader” checkbox
    • click the Update button
    • repeat for each set of category roles

    Note that if category role assignments need to be more customized, you can repeat the above process for individual users via Roles > Section Roles. Or define user groups (Groups > Groups) and repeat the above process, selecting your custom group instead of WP Role group. Later you can add or remove visibility of individual posts via the Post Edit interface if you need to.

    Finally, keep in mind that all the above instructions also apply to the creating, editing and publishing of posts if you designate editing roles for Exclusive Sections and for Section Role assignment.

  17. Pingback: Role Scoper- WP als Redaktionssystem endlich vereinfacht

  18. Pingback: WordPress Plugin Competition Blog » Role Scoper

  19. Aces

    I’ve just installed the plugin and got the following error:
    Parse error: syntax error, unexpected T_ENDIF in C:\websites\shakey1\wp-content\plugins\role-scoper\admin\groups.php on line 238

    reading the above comments I noticed line 231 started with <? – when this was changed to <?php – the error went away….

  20. Clive

    Life saving plugin Kevin. It’s just what I was looking for to make one of my sites work the way I wanted. Thanks for you time and effort – just sent a donation. Take care.

  21. Robert Augustin

    Hi Kevin,
    This looks like a great plugin and I have been looking for something like this – only I am getting a 500 Internal Server Error when I try to activate the Plugin. I had Role Manager installed but deactivated it before attempting to activate yours — any ideas why I get this error?

    Keep it up,
    Robert

  22. Kevin

    Robert,

    I haven’t seen or heard Role Scoper cause that kind of error, and don’t have any initial guesses how it would.

    Can you possibly e-mail me a copy of your php error log and (if it’s not confidential) .htaccess file?

  23. Mike

    Hey Kevin, thanks for this wonderful plugin! I upgraded to WordPress 2.6 today and seem to be having an error when saving pages and posts. When I click save, the page shows all the Role Scoper options without styling and has

    “Warning: Cannot modify header information – headers already sent by (output started at /home/ascensio/public_html/wordpress/wp-content/plugins/role-scoper/admin/filters-admin_rs.php:536) in /home/ascensio/public_html/wordpress/wp-includes/pluggable.php on line 770″

    at the bottom. The page did save, but that still happens everytime.

  24. Kevin

    Any WP 2.6 users who want to eliminate this annoyance prior to the next Role Scoper revision can edit plugins/role-scoper/admin/filters-admin_rs.php as follows:

    Change

    	function flt_theme_root($path) {
    		if ( awp_ver('2.5') ) {
    

    to

    	function flt_theme_root($path) {
    		if ( awp_ver('2.5') && empty($_POST) ) {
    
  25. Robert Augustin

    Kevin,
    thanks for the offer, but I managed to work around the 500 error. I still don’t know where it came from but after a fresh install of WP, and Role Scoper being the first plugin to activate, it works like a charm.

    On the old installation, I have been experimenting with another role managing plugin and WP Members, maybe they messed up the database so that even after they were deactivated, Role Scoper ran into some problems.

    Thanks again, great work! Keep it up
    Robert

  26. rob cain

    Hi,

    Firstly I would like to say – great plug-in! – really well conceived design approach – its rare to find software developers taking a ‘proper’ and ‘usable’ view of access control features; but you certainly seem to have.

    i think that this app, together with the user roles and capabilities plug-in role_manager should be incorporated into WP Core – its that important for a bona fide cms.

    One slight bug I’ve found so far:

    Upon logging on as Admin and Creating/Editing a new Page and assigning ‘Readers’, ‘Groups’ , [WP Subscribers], and then Saving, then I get presented with an ‘un-styled’ view of the same admin page, plus the following mesage at the bottom of the page:

    ‘Warning: Cannot modify header information – headers already sent by (output started at /home/fhlinux171/s/systemcore-epublishing.co.uk/user/htdocs/wordpress/
    wp-content/plugins/role-scoper/admin/filters-admin_rs.php:675) in /home/fhlinux171/s/systemcore-epublishing.co.uk/user/htdocs/wordpress/
    wp-includes/pluggable.php on line 770′

    I haven’t tested thoroughly yet, nor traced it, but it looks like a fairly simple bug to fix.

    Any thoughts?

  27. j.verhine

    Rob, Check three comments above yours.

    - –

    I noticed a new problem with 2.6. I cannot edit groups, edit members, or click the name within object role assignments without forcing a login screen that won’t process the login – it just keeps refreshing. Is this being experienced by anyone but me?

    Love the job you’ve done kevin.

  28. Darrell

    I am having some issue setting this up properly.

    I have a site with many pages and several categories.

    I want to add an author, but only give him access in the control panel to publish to a subcaategory.

    I thought i had set it up properly, but when I tested it, the control panel showed all categories and let me publish to any of them I liked.

    How do I go about setting this up properly?

    Excellent plugin by the way.

  29. Found By Design

    I would like to restrict certain users from being able to select a page template when they post. It would be great if those specific page templates did not even show when they created a page, but would show the permitted ones. Is this something that this plugin could be modified to handle?
    Thanks, Ed

  30. Arnold Young

    Kevin – I have a usage question. Before I get excited – could you please tell me if I can use this plugin to control a wp website based on Pages only (not blogs) to allow or restrict viewing/access of menu options(Pages) or page content based on a login via a membership plugin like amember, where each member is tied to one of the roles in wp and each page is designated an access level tied to roles? Please say yes! I am using wpremix2 themes and have hidepost and rolemanager activated – but am searching for a solution and this may be it. These are users not wp content contributors so it just is to read pages and access links and content on those pages.

    Thanks – Arnold

  31. Arnold Young

    Hi Kevin – I am on WP 2.6. I installed role scoper and I see under Write, Post, Advanced Options – Readers, Contributors, and Editors – but in Write, Page, I do not see these under Advanced Options, but rather under the Select Template under the WP Remix 2 Add Template File category just above the Advanced Options. So for some reason there is a code conflict – http://www.wpremix.com — it shows Readers, Contributors, Editors, and Associates.

    Thanks – this plug in looks really cool – but this situation is stopping the use of it. I reported this situation on the WPRemix Theme forum also – but stated that your plugin is powerful and can extend his powerful Theme system by a lot if I think I what I see is so. But I could not try it because of the conflict.

    Thanks

  32. Pingback: 10 brand-new & promising WordPress Plugins | Beeex.net

  33. Kevin

    Arnold,

    The conflict stems from the absence in the WP core of a hook (dbx_page_advanced) for inserting custom entries under “Advanced Options”. It was present through WP 2.3, then dropped and I haven’t taken up the cause with the WP core team yet. Instead I make use of another hook (theme_root) which normally fires at the desired time. Apparantly WP Remix makes it fire earlier.

    I have a workaround in mind, but since WP Remix is a paid product and I don’t have a copy, please let me know if this works. In plugins/role-scoper/admin/filters-admin_rs.php, replace function flt_theme_root with the following:
    [code snippet removed; fix is included in updated Role Scoper releases]

  34. Mariusz

    Hi,
    Great plugin, thank you.

    I have one question: I would like to use your plugin to restrict some categories to some groups of users. If some one logs in he should see all unrestriced posts/categories plus his own. It works fine. But where user is not logged in as any role he can see all, and I want to hide some groups for him.

    Is it possible?

    Thanks,
    Mariusz

  35. Arnold Young

    Thank Kevin – I was making the change and then tried to launch WP then I got a 500-internal-server error — so I am trying to recover and get WP to work so I can test this code. I will let you know as soon as I am back up again. Maybe the .htaccess file got corrupted? Not sure yet.

  36. Kevin

    Okay, thanks to Arnold’s cooperation I tracked down the WP Remix conflict. This was my fault for not noticing the do_meta_boxes action introduced in WP 2.5

    In plugins/role-scoper/admin/filters-admin, change:

    [code snippets removed; fix is included in updated Role Scoper releases]

  37. Arnold Young

    Kevin – - that shows correctly now for Pages! Thanks for your quick response in fixing this situation. I am excited to use your comprehensive plugin.

  38. Mariusz

    Hi Kevin,

    I managed to set up categories and roles for them. Now when I log in as ‘footballer’ I can see only his categories. But when I’m not logged in I can see all categories and I should see none. Is it possible to do?

  39. Mariusz

    To avoid unlogged users seeing all I set posts to private. But role ‘teacher’ can see private posts of ‘footballers’ even If in setup he should see only his category.

    And when post are private and I set ‘footballers’ to see them, their category is not listed on the side bar. Am I doing something wrong or plugin doesn’t have capabilities I need?

  40. Arnold Young

    Kevin – trying to understand how to control granting or denying access to a page and page content without putting each member/user in the WordPress user list. Is there are way to just use the role user level value linked to my member in my membership database?

  41. Kevin

    @Arnold – I’m not sure what you mean by role user level. Is that something aMember introduces – maybe using the deprecated WordPress numeric user level which preceded the roles system? I’m going to look into aMember today or Monday.

  42. Jessica

    Dear Kevin!

    Thank you so much for your effort and this wonderful plugin!! :-)
    I’ve been using the Disclose Secrets plugin for a while, but since it has not been updated for a long time and I wanted to update my WordPress, I’m now using yours. It was quite a piece of work to edit all the old entries but it’s worth it. I could not blog without your plugin because I just want certain people to read private things. Honestly, I don’t know why a feature like this still isn’t part of the WP core?!
    Please keep up the good work! :-)

    I have also a question: Is it possible to turn off the text in the user’s profile that shows to himself in which groups he is a member and the list of posts he can read because of that? The list can become quite big and I don’t want the users to see to which group they belong to. I don’t want anyone to get offended by recognizing that he cannot read the super confidential things. ;)

    Greetings from Germany!

  43. Kevin

    Jessica,

    Glad to hear it’s working well for you. Thanks for the encouraging words; I do enjoy all the overseas acquaintances Role Scoper has brought me.

    There is currently no option available to hide that info. However, you can force it by editing admin/filters-admin_rs.php as follows:

    add the following code to the top of the functions ui_user_groups and ui_user_roles, just after the opening {

    if ( strpos( $_SERVER["REQUEST_URI"], "profile.php") && ! is_administrator_rs() )
       return;
    
  44. Pingback: 2008 Plugin Competition Review, Part 2 of 2 « planetOzh

  45. Pingback: Events-Calendar 6.5 The last version | Heirem's

  46. Pingback: Admin Drop Down Menu: More Goodness & an API « planetOzh

  47. Pingback: links for 2008-08-24 | hansi.unblogged

  48. Jessica

    Hi Kevin!

    I’m afraid I have to bother you with another question. ;)

    Since WP 2.6 I’m using the tagging system of WordPress itself instead of Simple tagging. By now, the tagcloud just displays the tags used in public posts, those of private posts are ignored even if I’m logged in.

    I wonder if it is possible to make wp_tag_cloud / wp_generate_tag_cloud work with your plugin so that the tagcloud displays the tags of all posts the current user is allowed to see due to your plugin.
    That would be pretty cool. :-)

    (Simple Tagging and Disclose Secrets for some reason just did that, but I do not want to switch back to one of those plugins.)

    Greetings,

    Jessica

  49. Todd Lambert

    Hi Kevin, thanks for your awesome plugin… it’s sorely missing from WP.

    I’ve run into a few snags with the plugin, not sure what is causing it.

    I had it installed and working, and was clicking on some of the options for it, when it completely killed my site. Both backend and front went down.

    I removed the role scoper folder from the plugins folder, and it came back ok. But everytime I add it back, it takes the site down.

    I then went in and deleted all of the tables that were related to RS… and again the blog came back working.

    However, as soon as I upload the RS folder and try and activate it, it crashes everything again. Looking at the values in the datasbase, it appears that there is data from the previous install in the new tables created when activating the plugin. How can that be? I dropped the tables!

    The tables for this plugin are:
    wp_user2role2object_rs
    wp_user2group_rs
    wp_role_scope_rs
    wp_groups_rs

    Are there any others or data put somewhere that I am missing?
    Help, I can’t seem to get this functionality back up and working.

    This is on 2.6.2
    Can reproduce with any or none of the other plugins I’m using:

    Cimy User Extra Fields
    Role Manager
    Page Category Plus

  50. Kevin

    Todd,

    Role Scoper also maintains a cache of the role settings in wp-content/cache. A corruption of that cache may or may not be the cause of your problem. For diagnostic purposes, please zip the cache folder and mail me a copy (I’ll send you my address). Then to return to a clean slate, delete the contents of wp-content/cache.

    I can’t imagine any scenario where cached values would be reinstated in newly created db tables on plugin activation. Did only certain data/tables seem to be carried over, or pretty much everything?

    Let me know if you can remember which options you set just before the site crashed.

  51. matt

    wow this plugin looks to be exactly what i want. i installed but i’ll be honest i’m too scared to flicking switches and buttons incase i screw my blog up.

    i have quite a simple user case scenario that i want to set up for just adding new authors and then setting what new authors (and therefore existing authors) can do.

    is there anyone out there who can help me?

  52. Kevin

    You can disregard most of the Options and Realm settings, as the defaults will work well for most installations. Beyond that, please see the Usage Guide. I’m working an a revision with an improved administrative interface (more inline help, more intuitive menu and form layout, better bulk editing). Unless you have a question on a specific point that’s not covered in the Guide, we’re probably both better off having me focus on getting the friendlier version out.

  53. Pingback: WordCast 29: I’m Your Fairy Blogmother! - Dave Moyer

  54. Joost

    Well, this module seems to solve a lot of problems for us. But I don’t seem to get it exactly how I want it. For instance, using the author-group as a basis I want to restrict access to that group, only allowing it to post to one category.

    I managed to do that, by first revoking rights, and then assign a Section Role of Post Author to “author”.

    But now it is not possible anymore for an author to edit their own posts. When I change the section role editor, it suddenly gets the right to edit ALL posts in that category (and when the user posts, he will post as “admin”).

    I want a mixture of those two situations (able to post and edit own posts).

    What am I missing here?

  55. Matt K

    Great plugin. The detail is amazing. I am, however, having a problem. After install I am getting the following error:

    Warning: in_array() [function.in-array]: Wrong datatype for second argument in /html/blog/wp-content/plugins/role-scoper/admin/admin-bulk_rs.php on line 49

    Warning: in_array() [function.in-array]: Wrong datatype for second argument in /html/blog/wp-content/plugins/role-scoper/admin/admin-bulk_rs.php on line 51

    Unfortunately this issue is severe enough that it is preventing my page restriction from working. Any ideas what this code be or is it likely some conflict on my end?

  56. Hoib

    If I have a series of pages for public consumption and members consumption but then a series of 5 additional pages for members only, does RS give me the ability to password the members only as a “section”? IOW, I’d like a Member’s Only Log In as the parent and the 5 additional pages as the children to be displayed on the sidebar ONLY after the password is entered. The problem now is that the 5 child pages show up in the sidebar even though they’re underneath the passworded parent.

    Is this what RS does? I want to know before going through a lot of work for nothing, please.

    Thanks.

  57. Pingback: spielwiese. » Blog Archive » clean-up.

  58. Kevin

    Hoib,

    Role Scoper would allow you to hide a page (and its subpages if you so choose), displaying it only to users you specifiy. Menu links visibility follows page readability.

    It does sound like there’s one area where we’re “not on the same page”: RS Roles (in your case, to make a restricted post/page readable) are based on a user login/password, NOT a page-specific password.

  59. puela

    Hello Kevin,
    Thanks for the great plugin, but I’m getting this error.
    “wp-content/plugins/role-scoper/hardway/cache-persistent.php on line 35″
    I’m pretty new at all this. Any help would be greatly appreciate it.
    Thanks in advance.
    Puela

  60. rcain

    Hi, congrats and thanks for this excellent plugin.

    I haven’t tried it out fully yet (there’s a lot to it), but i am pretty confident it should cover most future access control requirements i might come across.

    question: should it work with wordpress mu?

    i am aware that role_manager plugin http://www.im-web-gefunden.de/wordpress-plugins/role-manager/ isnt yet formally supported on mu, however i think i have the two ‘sort of working’ together in an mu environment – alongside a hacked version of the ‘More-Privacy-Options’ plugin – http://wpmudev.org/project/More-Privacy-Options.

    i am interested in working with others to produce a stable solution based around this config. can you (or anyone else) offer any further advise/guidance/experience in this direction?

    thanks again

  61. Kevin

    In very brief trials, I have found Role Scoper to function normally when installed for any individual blog on a mu site. You will have a separate Role Scoper configuration for each blog. However, all site users are available for role assignment without the need to register them on the specific blog.

  62. Rob

    Hi Kevin,

    Amazing plugin – kudos to you!

    Not sure if I am doing something wrong (or misunderstanding the use of the plugin), but I cannot get post specific restrictions to work. Category works great.

    So, having no other restrictions set, I go to Restrictions > Posts and set a default Post reader restriction. If I then look at an individual post, I see Readers – restricted role in advanced options, but I can still see post in the blog when not logged in.

    If I set a group (eg administrator) for that individual post, I see Readers (restricted role, 1 group), but post still visible when not logged in.

    I have to set the individual post to ‘Private’ to hide it from not-logged in visitors, or set a category restriction.

    Cheers
    Rob

  63. Pingback: 35 Tips Tricks To Manage and Handle Multi-Author Blogs | Wordpress

  64. Pingback: How does People Online turn WordPress into a servicable CMS? | subjectverbobject

  65. James

    Thanks for an excellent plugin Kevin!

    I am still trying to find my way around the complexities of various roles and permissions and wondered if you could answer a quick question for me?

    I have a post role called ‘Private Post Readers’ granting access to premium posts. I used the ‘Hidden Content Teaser’ window to add a suffixed (p) graphic to appear after Premium posts for anonymous users. However when I am logged out (ie: anonymous) and look at the recent posts list all the posts whether premium or not are marked with the (p) graphic.

    Any idea what I am doing wrong?

    Thanks again for the excellent plugin.

    James

  66. Kevin

    James,

    By “recent posts list”, do you mean a sidebar list or the main WP posts list?

    What makes your posts premium or non-premium? Are some (or all?) set private by WP? Set as restricted (directly or via category / default restriction) by Role Scoper? Any of these would cause the hidden content teaser to jump in on the anon user.

  67. Hoib

    Hoib,

    Role Scoper would allow you to hide a page (and its subpages if you so choose), displaying it only to users you specifiy. Menu links visibility follows page readability.

    It does sound like there’s one area where we’re “not on the same page”: RS Roles (in your case, to make a restricted post/page readable) are based on a user login/password, NOT a page-specific password.

    OK, Kevin – I seem to have gotten off on the wrong foot with my understanding of WP as a whole and RS in particular. Just confirm for me please: In order to use RS, I have to have a system whereby the member has to actually log in – username/password – right? IOW, how’s it going to know what role to assign if we don’t tell it an identity? I was trying to keep it as simple as possible and not have to mess with administering usernames/passwords for members individually. I suppose I could give everyone a single username/password combo. Our members won’t be doing a lot of posting of comments/editorials. Mostly info output only.

    Just confirm for me please that I’ve correctly understood how “roles” get defined in WP…

    Thank you.

  68. Pingback: Все для блога с несколькими авторами - Запись - Андрей aka Лонгот

  69. Pingback: Items of interest » Blog Archive » Bookmarks for December 3rd through December 4th

  70. Pingback: 8+ Things You’d Like To Know Just Now « Feet up, eyes closed, head back

  71. Pingback: R O T H A R . C O M » Blog Archive » Web Geekery Mode Engaged

  72. Henry Kleinespel

    Hey ! Nice plugin but :

    – conflict with the “Open ID” plugin…
    – I get this when trying to assign a group to a limited set og pages :

    Fatal error: Unsupported operand types in /homepages/16/d263912724/htdocs/blog/wp-content/plugins/role-scoper/admin/admin-bulk_rs.php on line 659

    FIY :
    – hosted with 1and1 in France
    – blog URL : http://blog.henryk.fr
    – WP 2.7

  73. Kevin

    No, Role Scoper cannot control what type of upload someone posts. The best you could do would be to dictate which categories a user can author in. Then if if they put a movie in the photo category, you edit it and/or banish them.

  74. walter

    Could you walk me through your plugin? I’ve been going through it and could use some clarification. Could you email me?

    I don’t see the Object Roles you mention in the screen shots at the top of the page and in the notes.

    [Category Roles for WordPress pages are disabled for this blog. Object Roles can be assigned to individual pages, and optionally propagated to sub-pages. Another option is to categorise pages via the Page Category Plus plugin.]

    Also, do I understand this correctly? I can have a WP role of editor. Then use Restrictions to prevent this person from doing anything more than author for a specific category. Would I check the boxes for all roles below and including author, or just author?

    And vice versa, I can have a WP role of author. Then use Roles to allow this person to be an editor for a specific category. Or do I use Restrictions to allow them more access?

    I could use a walk through of your UI.

  75. walter

    I think I figured it out.

    First you click on Restrictions and select the roles you want restricted for the categories or posts or pages.

    Then you click on Roles and select the people or groups that you want to give special access/roles to for each Restricted category or post or page.

    That’s not so tough once you figure it out. It took quite a bit of figuring though for such a helpful tool.

  76. Pingback: How to use Role Scoper plugin for WordPress « walnotes and mySpace music trails

  77. Ramil

    Would like to ask if this plugin has the capability to limit the number of entries an author can post in a day. For example, I want AuthorXXX can be able to post only two entries in one day.

  78. Kevin

    @Walter:

    Yes, due to user feedback I recaptioned “Object Roles” as “Page Roles” and “Post Roles”.

    The screen shots in the Usage Guide are not yet updated to reflect that change. Thanks for working through it anyway.

  79. Beth

    Hi–This is exactly what I’ve been looking for! Great work. I’m hoping you can tell me what file the edit-form-advanced modification for the category_checklist would be in.

    I’m working to display categories on the add post panel in columns, and with this plugin I’m guessing I’d want to make the adjustments there?

    Thanks in advance!

  80. Kevin

    Beth,

    You can limit available posting categories by setting restrictions (Restrictions > Categories) on Post Contributor, Post Author and possibly Post Editor. The actual settings will depend on what classes of WordPress users you want to restrict. After restricting a category, you can also make it available to selected users by setting Category Roles (Roles > Categories).

    I don’t know what you mean by displaying the categories in columns, but if your solution calls the WP function get_categories (or get_terms), the restrictions and roles will be applied.

  81. Beth

    …Nevermind. I ended up shrinking the text size of my category checklist so I could see everything.

    I am now trying to turn off the object roles boxes that show up on the Add new post screen. The whole point of limiting the categories that appear for Authors was to declutter that area, and so having these boxes (which won’t be used by contributors) defeats the purpose.

    Great plugin altogether though. Nice work!

  82. Beth

    Kevin–thanks for your responses. I still need some help decluttering the Author area as Authors won’t need the role assignment tabs. I had to elevate users to Author status because it’s important that they can change the date of publication (we post a lot of links to past news articles and order them by their original publication date).

    Therefore I need to keep the Author status, but I’m hoping to remove those role assignment tabs.

  83. Kevin

    There’s currently no way to hide the role assignment boxes from authors on a new post. I’d like to think on this more before implementing an option to do so. But you can put the following code in plugins/role-scoper/admin/filters-admin-ui_rs.php, in function add_meta_boxes – at the top of the function, just after the opening curly brace:

    global $current_user;
    if ( empty($current_user->blog_roles['rs_post_editor']) ) {
    	remove_action('do_meta_boxes', array(&$this, 'act_tweak_metaboxes') );
    	return;
    }
    

    This will be your private hack, and will need to be reinstated each time you upgrade Role Scoper. However, I’m leaving that code commented out in the main source to make it easy for you.

  84. mayan

    hey, using your plugin so that one of the users ive created can read private posts too. got that all set up fine. they can see the private posts and now search for them in the search bar.

    however the private posts arent coming up in the “recent posts” section, and the tags assigned to the private posts arent in my tag cloud.. any way of getting that to work?

  85. Kevin

    mayan,

    For the time being, you will need to perform two hacks to the WordPress file wp-includes/widgets.php:

    change:
    $r = new WP_Query(array('showposts' => $number, 'what_to_show' => 'posts', 'nopaging' => 0, 'post_status' => 'publish', 'caller_get_posts' => 1));

    to:
    global $scoper;
    $status = ( empty($scoper) ) ? 'publish' : '';
    $r = new WP_Query(array('showposts' => $number, 'what_to_show' => 'posts', 'nopaging' => 0, 'post_status' => $status, 'caller_get_posts' => 1));

    change:
    wp_tag_cloud();

    to:
    wp_tag_cloud( array('hide_empty' => false) );

    I’ll put in a request with the WP team to make those functions more filterable.

  86. mayan

    Kevin your support is really appreciated, thankyou!

    recent posts works perfectly. it shows the recent private post for logged in users with private post permission, and disappears if you are not logged in.

    however the tag cloud does now show private post tags, but it shows them to people who are not logged in as well hmmm

  87. mayan

    Again thanks alot kevin, however when i installed the development snapshot plugin the new tags did show, however the tag cloud isnt working properly and picking up posts, they all link to nothing and are the same size :|

    im going back to the older role scoper version and keep trying to find a workaround

  88. Kevin

    Okay, I fixed the tag cloud sizing problem in the updated Development Snapshot

    I don’t see any problem with the tag links, though. What WP version and permalink settings are you using?

    The only caveat I’m aware of now is that the sizing will be based on total posts with the tag – including posts the user can’t read. At this point, filtering the tag sizing seems more trouble that it’s worth. If it proves hugely important to folks, I will reconsider.

    If you have any other feature requests, please post them in the Support Forum.

  89. Herb S

    Role Scoper – V1.0.0 RC1 – Roles > Posts > yields:
    Fatal error: Unsupported operand types in /home/stmichaels/public_html/wp-content/plugins/role-scoper/admin/admin-bulk_rs.php on line 647

  90. Rafael

    Hello,

    Your plug in looks promising, but I’m getting a fatal error when I install it.

    After I installed your plug in, whenever I try to edit this page ( ), I get this error:

    “Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 266375 bytes) in /home2/tpsevnin/public_html/wp-includes/formatting.php on line 79″

    right in the WordPress post edit screen.

    I’ve deactivated your plug in so you can see the page.

    Rafa

  91. Ben

    Hey, I’m using your plugin for an educational project. I’m having issues getting any links to display using wp_list_bookmarks() when Role Scoper is activated. What is the work around for that?

  92. Pingback: WordPress CMS: Plugin Must Haves « NerdSpawn.

  93. Randy

    Right after activating your plugin, I received an error when viewing my site:

    > Warning: array_diff_key() [function.array-diff-key]: Argument #1 is not an array in /home/ . . . /wp-content/plugins/role-scoper/hardway/hardway_rs.php on line 296

    I searched the web to find that this is difference between PHP 4 and PHP 5 that someone had figured out how to get around: [http://drupal.org/node/36408#comment-354216]. I made this change at line 296, and the error went away.

    Thanks,
    ~randy

  94. Kevin

    Randy,

    Thanks for alerting me to this.

    It’s actually due to my misspelling of a variable name in the line you edited. $term_by_id should instead by $terms_by_id. This should not affect many installations, as the involved code block is a leftover from WP 2.3 support and serves no purpose now.

  95. Mark Russell

    This is the most amazing plugin, really well done! I have spent months testing others out there and this does exactely what I need and more, I rarely take the time to post comments but this deserved it, amazing! The only thing I would ask, is there any way to setup email notifications, so if someone edits a post the admin is notified? and if admin edits a post the user is notified?

    Thanks again

  96. Patrick Reynolds

    Great plug-in. Took me a few hours to figure out how I needed it to work, and then it worked great.

    One question: Are there any public functions that I can use in the WP Admin screens to check capabilities? I’m trying to hide an option if a category is not allowed for the role that is currently logged in. Thanks!

    -Patrick

  97. Kevin

    Patrick,

    Do you need to find out if the user can read posts in the category, create/edit posts in the category, or edit the category itself?

    If all you want is to know whether the user has a certain category role assigned, you can do this:
    global $current_user;

    if ( isset($current_user->assigned_term_roles['category'][rs_post_reader']) 
    && in_array($cat_id, $current_user->assigned_term_roles['category'][rs_post_reader']) ) {
       // do stuff
    }
    

    I would also be interested in hearing what your main points of confusion were, and what would have made the orientation easier.

  98. Patrick Reynolds

    Kevin,

    Thanks, that did the trick. I did not know about $current_user. That object is full of good stuff.

    I guess the confusion came from how I was approaching the modifications I needed. I have 4 roles that need custom names and capabilities and I started by trying to modify the RS roles within defaults_rs.php. This was the wrong approach for me.

    I ended up using Groups to take care of the custom names, then I set the capabilities for Groups (instead of users/roles). I set new user WP roles to Subscriber, and add Groups to each user from there.

    Nice plugin.

  99. Pingback: spielwiese. » Blog Archive » wordpress dos-ing itself, and optimization.

  100. Pingback: Buchreview: WordPress professionell einsetzen - FirstDayBlack

  101. Andy

    This looks like a good plugin. I am a little confused on how to use it though. It seems extremely complicated.

    What I would like to do is create a user who can login to the admin panel but only edit a certain pre-created page. The person should be able to create subpage for that page. But that is all.

    I have no idea how to do that after looking through the usage guide link. By chance could anyone give me some very simple instructions? using WP 2.7.1

  102. Pingback: Umstieg von Disclose-Secret und Role-Manager auf Role-Scoper » Blog, Plugin, Wordpress » Leben des wolf-u.li

  103. George Snyder

    First thank you for creating such a wonderful plugin, I have used it to great effect on a couple of blogs.
    The first problem that I have come up with on a new blog that me and my associates are working on is a multi language blog using the qtranslate http://www.qianqin.de/qtranslate/ plugin. This plugin allows you to have many languages on one installation. Now the bug I am having with your plugin is that when your plugin is turned on, it stops all of the categories being translated, they stick to the default language, everything else works pages, links content etc just not categories… any ideas…
    so when your plugin is activated wp_list_categories() does not translate…

    Here is how this plugin functions
    http://www.qianqin.de/qtranslate/forum/viewtopic.php?f=3&t=294
    http://www.qianqin.de/qtranslate/forum/viewtopic.php?f=3&t=9

    So somehow your plugin is messing with the internal wp_list_categories()

    Any help greatly appreciated, aswell as your plugin being the only one that really enables a true cms user base system and the qtranslate plugin is really the only one that works for multilanguage blogs, it would be really great and open your user base even larger if the two could work in harmony.

    Thanks
    George

  104. The House of Husar

    I have a question on the plugin. I need the ability to give a specific user (or maybe group) access to edit a specific page. So for instance, they have a page dedicated to them and only they (as well as admins) can edit that page. They can’t create anything new.

    Possible?

  105. Fabian

    After quite some time understanding, how RoleScoper works (Man, I have some knots in my brain now – but that has nothing to do with the plugin; it’s more a intellectual thing… ;) ) I got it now and it works great.
    But, I have a real strange problem. At the moment I activated the plugin, the order of my postings changed from “newest first” to “oldest” first. I would be very glad, if you could help me fix this.

  106. Perdox

    Hello there. I am thinking of installing this plugin. I am just starting out and am still in the testing stages of my blog. I have created a dummy user named dummy1. When dummy1 logs in he has the role of contributor.

    Now, when dummy1 clicks on Add New post, he can see the custom fields panel, the All In One SEO Pack panel and the WP Geo Location panel. But I don’t want to give contributors access to these panels. Will your plugin allow me to do this? If not, can you please suggest a plugin that will?

    I am using WP 2.7.1. Thanks in advance. Cheers.

  107. Stefan

    hi,
    fantastic plugin but a lot of mistakes…when i use nextgen gallery function of your plugin the can in not use the flash uploader for my pics in the nextgen gallery! just the single upload ist ready!

    it was fantastic when i take a limit for picture upload in your options the can the author just upload 5 pics or so…

    stefan

  108. Kevin

    Perdox,

    For selective hiding of administrative elements, you should check out the Adminimize plugin. I don’t know if it would deal with other plugins’ UI, but could definitely knock out the Custom Fields panel for you.

    At this point, Role Scoper only supports the hiding of custom-entered html IDs when the logged user has an editing role for a specific post/page/category, but only a Subscriber role blog-wide.

  109. Kevin

    Stefan,

    There is a conflict between the “Role Scoping for NextGen Gallery” extension and NextGen Gallery’s flash uploader. I haven’t developed a fix yet, but it appears you can still upload multiple files in a .zip

  110. Toby

    Kevin,

    I am looking for a way to make all posts visible to subscribers only, once they are published, but visible to anyone (even non-subscribers), if a moderator sees fit.

    Can that be done with Role Scoper?

    TIA
    Toby

  111. Kevin

    Toby,

    Yes, Role Scoper could accomplish your subscribers-only post visibility goal:

    1) Navigate to Restrictions > Category

    2) Set a Default Category Restriction on the Post Reader role.

    3) Navigate to Roles > Category

    4) Check the “show eligible groups” checkbox, then check “[WP Subscriber]

    5) Assign the Post Reader role for every existing category, and also for “DEFAULTS for new Categories”

    6) Click the update button to assign the Category Roles

  112. Malcolm

    Wow, this looks great. I’m not a developer but have been the creator, admin, and user of several dotnetnuke sites. I was about to give up finding the role support I’m used to with DNN but this seems to have it. But I have to admit I’m afraid to install it on my WP site for fear it (or I) will break my site. What can you tell me about the danger of using it.

  113. Kevin

    Malcolm,

    I can tell you that upon initial Role Scoper installation, your site’s front end is not affected at all. Only as you begin to reduce access (by setting Restrictions) or expand access (by assigning scoped Roles) will you see any effect.

    Role Scoper does not alter WordPress’ own role, capability definitions or user definitions, so uninstalling it returns the site to default access.

  114. Peter

    Another question. If I am disabling my existing Role Manager software (which will freeze the roles and capabilities) and installing yours. Will Scope over ride roles and capabilities as long as I reset them up through Scope? Are there any issues I need to be aware of before completing this task. Look forward to using your plugin.

  115. Kevin

    Peter,
    Users with an upload_files capability can upload files for any post or page which they can edit. It is not currently possible to further restrict Media Library access while retaining upload capability.

  116. Kevin

    Peter,
    Your current WordPress role definitions (as stored by Role Manager) remain even if you deactivate Role Manager. They will be your users’ set blog-wide capabilities, and Role Scoper may be used to further expand or reduce access to specific content.

  117. Avanish

    I have created three group and I want to set editor,Contributor group wise but I am unable to do it please help me to resolve this problem as soon as possible. Please help soon…..

  118. dave

    i love RS very much, but it is make my WP 2.8 suddenly have a WordPress Blank Screen of Death on homepage and event dashboard.

    desperately need the latest compatible updated RS for WP 2.8

    great work!

  119. Kevin

    I have developed the latest version of Role Scoper with WP 2.8, and am not aware of any incompatibility. Will put some additional testing in this week before officially stating 2.8 support.

    I suspect dave may be experiencing a plugin conflict.

  120. dave

    yes i think so dave, i start googling and find the solution of WSOD, they said that i must de-activate all plugins and then re-activate the plugins one by one.

    Then i start to do it, what i find out is, that when i activate the RS plugin, my wordpress page got WSOD, then i de-activate the RS plugin, my wordpress page goes normal.

    so, i think the RS plugin the one have conflict with WP 2.8, correct me if wrong. I use RS 1.0.3.4

  121. Pingback: Gérer les rôles et l’accès de vos membres dans WordPress ! | Geekeries.fr - Astuces Wordpress 2.8, Plugins Wordpress 2.8, Blogging, Référencement, Actualités High Tech

  122. Kenneth Younger

    I will second the comment from Ramon, I am also getting 404 errors with respect to the admin links and version 1.0.4. If I downgrade to version 1.3.4 everything seems to work just fine. Will post in the forum too.

  123. Sam

    Hi great plug in. Just wanted to know if your plugin is possible to allow 1 person to just edit 1 page … as i have dj profiles page and want to edit this so that dj profiles r in sub pages and that each dj can edit there profile sub page only .. also with out letting them change who can edit it or view or have the roles and tools options? many thanks …

  124. Kevin

    Sam,

    Yes, there are a couple different ways you can accomplish that page editing restriction. Both methods assume each dj is a WordPress Author or less.

    A) Just give each of them a Page Editor role for their page. You can do this by editing each Page (and selecting the user as an Editor), or by using the bulk role admin form (Roles > Pages). Then go to Roles > Options and turn on “Role administration requires a blog-wide Editor role”.

    - or -

    B) This assumes each user is already stored as the Author (based on dropdown in Edit Page form) for their own page. Go to Roles > Options > RS Role Definitions. Remove the “Publish Pages” capability from Page Author role. Click Update. Go to Roles > General and give each dj a Page Author role.

    Method B involves fewer steps, and is more of a nonstandard configuration that should be fine as long as your Page editing situation does not change significantly.

  125. Sam

    Thanks (a) works great I’ve set dj to subscribers and it works great just need to stop role and Restrictions from showing up in the dashboard for them any ideas if I can ? Thanks :-)

  126. SeanE

    Hi Kevin,

    Pre-install question. Want anonymous users (or default users) to have image upload capability. Having a hard time finding a non-WP application to manage user permissions and uploads together, so figured I would use WP to facilitate. I’ve read all info above, and I think RS might be a solution to help mitigate security issues.

    What do you think of this approach: default user (essentially anon) has ability to write a post and upload image files. The post and files will not be published until approved by admin. Want default user to not be able to edit any other post (or page) or in any other way alter the site.

    The purpose is one-time collection of a story from users who may also want to attach an image(s) (and video would be nice, but not essential). Also would like to limit the size of the file upload or number. I realize the handling file upload is outside of the scope of RS, but I thought I would get your thoughts before I spend time to create the blog, install WP on this particular site, and then work with RS.

    Thanks in advance

    Sean

    Is this scenario possible from RS? Any concerns?

  127. Pingback: The Autopsy Of WordPress As CMS With 25 Great WP Plugins & Designs | Onextrapixel - Showcasing Web Treats Without Hitch

  128. Kevin

    SeanE,

    You could open registration to the public and make users Contributors by default. Then use the Role Manager plugin to add the upload_files capability to the Contributor role. They would not be able to edit any existing content. To prevent them from contributing additional posts, you would to commission or discover a new plugin (that request has come up before but no free solution exists, to my knowledge).

    Role Scoper would not be needed (or especially beneficial) in the scenario you describe.

  129. Karl

    We would like to change the names of roles in the admin and thought to use Role Scoper for this. However, since we only want to essentially show two roles with different names (Contributors and Authors) to logged in admins (we call them something else internally), it seems a bit overkill to use Role Scoper since the actual permissions of those users don’t need to be changed.

    We don’t want to just update the language file, as we don’t want to have to port changes after every update.

    So before installing Role Scoper, I was wondering if it’s possible to override the two role titles with something like add_filter in functions.php? I know this would make the use of Role Scoper superfluous and this might be the wrong place to ask it, but I thought maybe due to the knowledge of working with roles, someone here would be able to suggest a simpler solution to my query above – if there is one?

    Thanks, Karl

  130. Adam

    Hi
    Thanks for this great plugin. Please can you help me? All I want to do, is allow Contributors to be able to upload media. How do I go about setting this up?

    Thanks in advance, Adam

  131. Troy C

    I’m still researching how to implement my ideas and your plugin will be CRUCIAL. Certainly expect a donation from me after I get started. I just wanted to stop and thank you from creating this.

    I’m going to use WP and RS to invite hundreds of experts to post a sub-page in my experts directory. They will be able to create and edit their page, but only their page. Now if I could just automatically show their page as a subdirectory on the server.

    Thanks.

  132. Marc-Olivier

    Hello!
    This is a fantastic plugin! Thanks for all this work!
    I’m trying to make it work for a project, and so far, it is working well, except that my “WP contributors” are unable to create new pages.
    When a user is logged-in, he can say in pages “Edit” and “Add new”, but when he clicks on “Add new”, he is redirected to the WP MU main blog. Editing existing pages works (I activated the page revisions).
    I’m using WP 2.8.4a and Role Scoper 1.0.8
    Any idea why?
    In Role Options / RS Role Definitions, “create child pages” is disabled in “Page contributor”, could it be the reason? How can i check it?
    Thank you for help!
    Marc-Olivier

  133. Andrew

    Hello!

    Is it possible to remove the interactions and post meta form, if a contributor login? I would like to the contributors can write a post, but i dont want to moderate the comments and i dont want to they can add some meta datas. Thank for your reply.

  134. Kevin

    Marc-Olivier,

    You should also give those users a General Role of Page Author.

    create_child_pages is a supplemental capability defined by RS for use in the “Page Associate” role. Normally, RS prevents the selection as Page Parent of any page which the user can’t edit. However, you can selectively override that limitation by giving them the Page Associate role for particular page(s).

  135. monbouc

    Hi, and thanks for your great work. Really.

    I’m using RS1.0.8 on WP2.8.4 mainly to assign subscribers and editors roles to categories (they just can post and manage posts by category).

    Everything works fine except that for the editor role, the WP edit post page lets all the categories defined in the site appear in the categories box, and not only those he’s allowed to manage (I have 4 main categories with children categories, with 1 editor assign by main category). Let’s note though that whatever he wants to publish in any other category than his ones needs the approval of the concerned editor.
    And for information, this problem doesn’t appear in the WP manage categories page, where only the concerned main category and children appear correctly in the list.

    I don’t know if this is a RS or WP situation (or one just made up by me, of course). Any suggestion ?
    Thanks.

  136. Levani

    I get this error after activating the plugin:

    Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/answersg/public_html/wp-content/uploads/2009/09) is not within the allowed path(s): (/var/www/virtual/answers.ge/:/usr/share/pear/) in /var/www/virtual/answers.ge/htdocs/wp-includes/functions.php on line 1933

    Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/home/answersg/public_html/wp-content/uploads/2009) is not within the allowed path(s): (/var/www/virtual/answers.ge/:/usr/share/pear/) in /var/www/virtual/answers.ge/htdocs/wp-includes/functions.php on line 1942

    [truncated]

  137. Kevin

    Levani,

    You’re probably going to have trouble uploading files due to your server restrictions (unrelated to Role Scoper). At least, you won’t be able to use the normal year/month upload subdirectory structure.

    But to eliminate those warnings, edit role-scoper.php as follows:

    change:

    $upload_info = wp_upload_dir();
    

    to:

    //$upload_info = wp_upload_dir();
    
  138. Pingback: Reviewers in a WordPress blog « Pablo's site

  139. Mahdi

    Hi, Everything is OK and fine with RS. But, I have a problem. My site has some users as editors who add new records to the site. I don’t want them to have access to categories and tags to delete them. How may I disable delete from categories and tags or even hide them all from editor’s page? Just like author role

    Thanks,

  140. Kevin

    monbouc,

    It sounds like your categories have the Post Editor and Post Author role restricted, but Post Contributor unrestricted. That causes your blog-wide Editors to be demoted to Contributor for the categories in question.

    Category Management is based on a different capability (manage_categories), which role scoper handles via restriction / assignment of the “Category Manager” role… assuming you are using the default “Role Type” setting of “Multiple RS Roles” in Roles > Options.

  141. Kevin

    Madhi,

    The simplest solution would be to remove the “manage_categories” capability from your Editor role. You can do this with the Capability Manager plugin.

    If you only wanted to prevent them from editing/deleting certain categories, you could restrict the Category Manager role for those categories (Restrictions > Categories). But they could still edit/delete any tag.

  142. Pingback: How to make a Website from Wordpress « Nitish Kumar Says : Its always one man

  143. totalfootball

    Hello,

    I found this very interesting forum and hope I will find an answer here. For the moment I did not install this plugin, but if i find the answer to my question, hope to use it as soon as possible.
    I read George Snyder comment about the multilanguage qtranslate plugin, (I’m using the same, installing a new version for my website).

    A question: Is it possible to block/unblock the editors/authors language possibility? I try to explain better:
    With this plugin every author could post in every language, is it possible to create an english language authors, who could not edit/post in french or other languages? Or just a single language contributor? Or a contributor who could post in 2languages.

    Sorry for my english. Hope somebody uses qtranslate and can answer to me.

    Thanks

  144. Pingback: 12 Essential Plugins that Extend WordPress as a CMS | Web Design Ledger

  145. Marc-Olivier

    Hello Kevin!

    I’m experiencing a weird issue with Role Scoper 1.0.8 with WordPress MU 2.8.4. Most of my users have the role “Page/Post Contributor” with post revision activated. When user are registered to one blog only in my WP MU installation, everything works as I want to. However, as soon as I add them to another blog, they no longer can add a new page. When they click on “Add page”, they are redirected to the dashboard of their primary blog.

    Any idea why?

    Thank for helping us out!
    Marc-Olivier

  146. Kevin

    Marc,
    No, there’s nothing about RS’ design that would make me expect that to happen. I’ve been working on better MU compatibility lately and plan to do some development time in tomorrow. Will plan to diagnose your issue then.

  147. genim

    hello… i got this error on some of my page…

    Warning: filemtime() [function.filemtime]: stat failed for /hermes/web09/b2742/pow.richardyh/htdocs/thegembank/wp-content/cache/77b2c55d21262a06dca874c33b0a414f/rs_get_pages_for_user/09adf1a41b742844c55e03b387dc4188.php in /hermes/web09/b2742/pow.richardyh/htdocs/thegembank/wp-content/plugins/role-scoper/hardway/cache-persistent.php on line 378

    i can’t a way out by just analyzing the code…

  148. Kevin

    genim,

    It might be a permissions issue with your wp-content/cache folder. Some have claimed that PHP 4.x has a filemtime bug. If all else fails, you can always go to Roles > Options and turn off the Internal Cache.

  149. Pingback: Stearns: Using Wordpress as CMS « Toby's Web II Blog

  150. Pingback: Stearns: Move, Menu, Flutter and Permissions « Toby's Web II Blog

  151. Pingback: RoleScoper | stripShow

  152. nirok

    Great plugin !
    I have asigned some users to only a category to write posts in. Is there a way within the new post editor to hide or disable the user from selecting more than just there category? I know once they post it will only select the permitted category to post the post in, however to prevent confusion from users it would be great if these categories could be hidden… the area i’m thinking of in the post editor is where you can select the boxes as to what category you want the post to be posted in

    Thanks

  153. Michael

    having fun with this plugin. However, I have a query regarding a custom theme.

    Is there a way to programatically check a user is in a specific (role scoper defined) role?

    I basically want to add a menu item if the user has the rights on a specific page

    cheers
    Michael

  154. Steve B

    Hi Kevin,

    Thanks for the great plugin.

    I was wondering if there was a way of removing the extra columns added to the WordPress UI when editing a new post/page.

    Thanks!

  155. Kevin

    nirok,

    If you give your users a WP role of Subscriber, they will only see category checkboxes for the Category Roles you’ve given them.

    If they must have a higher WP Role, you’ll have to set a Category Restriction on the Post Contributor and Post Author role.

  156. yuanjin

    Hey, Kevin!

    Feel so good to be here. I am a beginner of WP, and I just installed RS to my site. Everything seems great. However, when I posted a new article after setting the right to read, I just encountered the following error information from my server:
    =====================================================
    Warning: array_keys() [function.array-keys]: The first argument should be an array in /home/goleng/public_html/wordpress/wp-content/plugins/role-scoper/admin/role_assigner_rs.php on line 101

    Warning: array_keys() [function.array-keys]: The first argument should be an array in /home/goleng/public_html/wordpress/wp-content/plugins/role-scoper/admin/role_assigner_rs.php on line 101

    Warning: Cannot modify header information – headers already sent by (output started at /home/goleng/public_html/wordpress/wp-content/plugins/role-scoper/admin/role_assigner_rs.php:101) in /home/goleng/public_html/wordpress/wp-includes/pluggable.php on line 868
    =====================================================
    Yet, the post was published successfully when I turned back to the Edit Page, as I could see it in the list. So I have no idea what to do with this, and I did not get much useful through Google. Would you please give me some advice?

    Thanks!

  157. yuanjin

    Yeah, actually I added a Role Definition by myself in “WP-admin>>Users>>Role Groups>>Create New Group”.

    And I input the Group Name with [] surrounding the characters like “[WP Privite Reader]“. I also found a strange thing that the system seemed to delete the “[]” that I added, leaving the characters alone. I don’t know whether this is the point of the problem.

    And I would encounter this error, if I selected any option of “Reader>>Grops>>eligible groups>>” , no matter which one, even the default Role Definitions created by WP itself like “/[WP Administrator]/”.

    All above is what I did and got, hope that can be of help. If there are still what you wanna know clearly, pls just reply me.

    And thanks for your work. :P

  158. Pingback: Guía Role Manager | Ayuda WordPress

  159. Jonathan Dingman

    Seems this plugin stopped working in WPMU with the latest upgrade.

    Getting this error now:

    Fatal error: Call to undefined function get_home_path() in /home/test/public_html/wp-admin/includes/misc.php on line 152

    Hopefully you can get an update soon, would love to keep using this plugin for our site.

    thanks!

  160. Pingback: Filtering Wordpress Categories Using an Undocumented Hook « SoulSizzle Design

  161. Pingback: What I’m working on for 2.5 | stripShow

  162. Pingback: Brand Control - A Brand Management Plugin For WordPress. | 7Wins.eu

  163. Adam

    thanks for making this plugin, it seems to be rather complex, which scares me a bit, but I just read a ton of this page and am now going to try to implement it. I already downloaded it a few minuteas ago right into my wordpress account.
    Thanks, my aplogies for future support questions if they happen.,
    Adam

  164. Jeff Miller

    Hi Kevin,

    Very nice plugin! I’m hoping to use this for an intranet for a non-profit board, and I have just a few questions.

    1. I’d like for everyone who types in our address to be presented with a login screen; if they have a username and password, they are taken to content, not admin. It looks like RoleScoper doesn’t do that. Can your plugin coexist with something like the plugin “Restricted Site Access”?

    2. I want to make sure that uploaded files are secure, and only accessible to those with the permissions associated with the posts/pages to which that file is attached. (Admittedly, this is the biggest reason I’m interested in your plugin; we aren’t going to have that many roles, although I’m sure I’ll make use of them, especially as things expand.)

    So, each board member will be a “subscriber” and all posts will require at least that role.

    Am I correct in understanding that if we were to send a link to an attached file in an email to one of the board members, they could click that link and get access to the file, as long as they are logged into the site? Without having to go the page?

    3. I noticed this text on the WP Plugin site, under Attachment Filtering:
    Normally, files which are in the uploads directory but have no post/page attachment will not be blocked. To block such files, copy the following line to wp-config.php: define(‘SCOPER_BLOCK_UNATTACHED_UPLOADS’, true);

    Does this block access for everyone, regardless of role? I assume that the idea is you could upload files in advance of attaching them to a post or page, knowing that they are secure until you have defined their access.

    Thanks so much for your help.

    Jeff Miller

  165. Oscar

    Thanks a lot for this plugin, it is very useful and reliable! Keep up the good work. I was wondering if you have release notes for 1.1.7? I found a post regarding 1.1.6, but can’t find it for the latest rev. Do you have a change log for the latest version?

  166. Kevin

    Jeff,

    (1) – I’ve never used that plugin; will look into it when I get time. Maybe you can explore that and tell me what you find.

    (2) – Yes, as long as they’re logged in the direct file URL will return the actual content without any WordPress wrapping.

    (3) – Yes, the unattached uploads would be blocked from all roles except Administrator.

  167. Aleksey

    Kevin, thank you for explanation of WordPress roles. I used this blogging engine for a 5 years but only today I learn about differences between user roles. The fact of the matter is that I started some blog project where I need that users may enter his own post without access to options that are available for admin.
    As I see your plugin help to customize user roles more easy than WordPress do it.

  168. Kevin

    Michael, Role Scoper has an Attachment Filter functionality which limits access to uploads which are attached to a Private or Restricted Post/Page. Just assign the Post/Page Reader role to those who should access the uploaded file(s).

  169. Courtney

    Hello,

    I’m trying to get this to work with Flutter. I have several Flutter write panels and different groups who should only have access to a few of them.

    I have RS working — kind of. It doesn’t remove the whole write panel if the person doesn’t have access to that write panel’s page or post category.

    For a Flutter write panel that holds posts of a certain category, if you don’t have access to the category that those posts are associated with, then you can’t manage the items. However, you are able to create a new post from that Flutter write panel. I suppose this is because at this point the post hasn’t yet been created and therefore associated with that category (which it does by default in that write panel). So, ideally, we’d just not give people access to the left navigation flutter item.

    Also — it would be nice to be able to shut off access to the Posts and Page navigation items. Because those still hold all of the Flutter posts and pages.

    Any thoughts? Thanks.

  170. David

    Hi.

    I’ve used your fantastic plugin largely to great success. I am trying to set authorization for a user whom I want to give complete post & category access but no page access at all. I’ve managed to get it to a point where this user (who I created as an Editor) can’t see any of the already created pages in their ‘backend’ but unfortunately they can still create new pages.

    I’d be really grateful for any suggestions.

    Thanks in advance.

  171. CuffLinks

    Hi There

    This Role Scoper plugin seems really useful! I think its alot more sophisticated than a password protected page.

    I saw the description and screenshot, but I am not sure if it will apply to what I am after.

    Essentially, what I hope to achieve is something similar to this site:
    http://www.mckinseyquarterly.com/Four_ways_to_get_more_value_from_digital_marketing_2556

    If the user is not logged in, the site will limit the display to 2 paragraphs (just an excerpt and not the full article) and require the user to register or login to read the full article. I like this approach as it will help generate and grow the readership. Do you know if your plugin can serve this simple requirement?

    I am in the middle of building my WordPress site and it will not be a blog but more of a CMS.

    Would be great to hear your thoughts. Thank you!

  172. Kevin

    David,

    If you need those users to retain a WP role of “Editor”, use Capability Manager to remove the “edit_pages”, “edit_published_pages”, etc. capabilities. You could also increase the Author’s post editing capabilities. In fact, if that’s all you’re trying to accomplish you may not need Role Scoper at all.

  173. Kevin

    Cufflinks,
    You can review your options for this at Roles > Options > Features tab > Hidden Content Teaser.

    If you set the teaser mode to “excerpt or pre-more” and place a more tag after the second paragraph in each post, Role Scoper will cut off the teaser content there. There’s currently no way to automate that paragraph cutoff.

  174. Paulus

    I read a respponse some time ago for only allowing a user to have access to editing one page and access to nothing else. I’m quite new to wordpress but i’m getting there, just needed a walkthrough from one of you guys on how to set this up. It’s for a free biz directory in the village. Ive installed the plug in but dont want to mess with it until i know exactly what to change. I understand it’s the “auther role” and removing things, but according to an earlier post alot has changed since. Maybe I’m trying to hard.

  175. Paulus

    Oh sorry, it relates to this post from 2008. here’s your reply. it’s what I want to do

    Stefano,

    You can do that (enable Authors to edit one page and nothing else) as follows:

    * Install the Role Manager plugin and use it to remove the “edit_posts” capability from the Author role. Can also remove all other caps except “read” if you want.

    * While logged in as admin and with Role Scoper activated, edit the page you want Authors to edit.

    * Expand the “Editor” dialog. Click on “Groups” and select “[WP Author]”

    * Save the page

    Prior to the new revision, these authors could still get into the “Write Post” / “Write Page”, but could not save anything as published. Now they won’t even see the “Write” menu link.

  176. Nate

    Kevin,

    Can I use RS to manipulate what a person has access to on the front page of the site? Or to be able to provide different things depending on the role? I realize that you can do it with posts/uploads, but is there a way (template tags?) to provide different navigation structure to varying groups created by RS?

    For example:

    Group A sees Navigation Structure A on the frontpage.
    Group B sees Navigation Structure B on the frontpage.

    Thanks!
    Nate

  177. Benjamin Knight

    I’m having an issue using this plugin on a WordPress MU site. All blogs on this site display the main blog’s navigation in the header, and they do this using the “switch_to_blog” function in the header, loading the navigation, and then calling the “restore_current_blog” function. The problem is that sub blogs (blogs that are not the main blog) with the Role Scoper plugin enabled render a blank primary navigation. My guess is that the way this plugin was coded is that it is not “MU aware” and hence can not check permissions on pages that are not in the same blog. I’m hoping to find a solution… has anyone else encountered this? Would it be hard to hack the plugin so that this works? Thanks.

  178. Kevin

    Benjamin,

    Role Scoper is “MU aware.” In fact I did the work to make it so at the request of clients, who have since confirmed MU compatibility.

    I suggest temporarily defining WP_DEBUG as true in your wp-config.php file. You should then see a descriptive error message instead of a white screen. My guess is you didn’t have enough free memory prior to activating Role Scoper and now you’re exceeding your server’s PHP memory limit.

    If you need to follow this up with me, please bring it to the Support Forum.

  179. Efren Toledo

    Role scoper will continually crash my site. When I try to activate it I get the following error:

    This Page Cannot Be Displayed

    Internal system error when processing the request for the page ( http://www.jamiesonschool.org/wordpress/wp-admin/plugins.php?activate=true&plugin_status=inactive&paged=1 ).

    Please retry this request.

    If this condition persists, please contact your corporate network administrator and provide the code shown below.

    Notification codes: (1, INTERNAL_ERROR, http://www.jamiesonschool.org/wordpress/wp-admin/plugins.php?activate=true&plugin_status=inactive&paged=1)

    It then says that the user has too many active connections. Any thoughts?

  180. Brendan

    Hi Kevin, quick question. When I log into my blog as a contributor I still have access to certain plugins from with the publishing a new post section. For instance, I’m using the WP to Twitter plugin and when a contributor logs in, they are given the option to NOT tweet the new post from the publishing area. Is there anyway to restrict plugin visibility from the publishing area within Role Scoper?

  181. Andrea

    Just trying to see if this plugin works fine for me.

    I’ll have this portal based on categories.
    Every editor can add a post BUT any post has to be only in one of the 25 categories I have (no matter wich one they choose, it has to be only one!).

    Does this plugin helps me???

    Is this possible?
    If yes, how or with wich plugin/s?

    Thanks!

    Reply

  182. chryjs

    Hello, thanks for this plugin (too bad it lacks translation maybe I can help). But I have plenty of these errors when modifyinbg or applying roles :

    Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/usergroups_for_ug) is not within the allowed path(s): (/mnt/159/sda/3/d/www.ecole.b) in /mnt/159/sda/3/d/www.ecole.b/wp-content/plugins/role-scoper/hardway/cache-persistent.php on line 500

  183. Kevin

    I corresponded with Efren by email. He had some invalid WP Super Cache settings. Correcting those cleared the internal errors. Here are the details:

    Despite a writable default .htaccess file, WP Super Cache Settings continued to indicate “unable to write Rewrite Rules”. I also noticed that /.htaccess and /wordpress/.htaccess seemed hard-linked on the file system, and wondered whether this was confusing WP-Super Cache. The only way I got WP-Super Cache to show .htaccess as writable was by editing wp-cache.php (function wsc_mod_rewrite(), around line 580) to look at wordpress/.htaccess instead of /.htaccess

    Even after the above change, WP Super Cache did not successfully auto-update .htaccess. I had to paste its displayed RewriteRules in myself.

  184. Kevin

    Brendan, take a look at Roles > Options > Advanced tab > Limited Editing Elements

    Once you know the html ID of the plugin UI in question, you can suppress it (for specified roles) by adding that ID to the semicolon-separated list. In some cases, the Adminimize plugin can also help.

  185. Kevin

    chryjs emailed to say that he suppressed the open_basedir error message by prefixing an @ before each is_dir call. Switching Role Scoper’s Internal off may have also worked. It looks like his server file permissions are preventing the cache from working.

  186. AH

    Also, can Role Scoper be used to hide a page AFTER login? I have a page that says, essentially, “login here.” Once someone has logged in, can Role Scoper be set up to hide that page?

  187. Pingback: List of WOW Plugins | Michael Kimb Jones - Michael Kimb Jones

  188. Pingback: WordCamp UK 2010: "Great Plugins (WOW Plugins?)" by Michael Kimb Jones | Wordpress How To's | Customizations | Tips | Themes | Plugins | Hosting | Books

  189. Kevin

    @ Hidde: You can disable the User Groups and Scoped Roles display on the user profile by turning off the following options:

    Roles > Advanced > User Profile > Display User Groups
    Roles > Advanced > User Profile > Display User Roles

  190. Kayle Simon

    I’m trying to give a particular author the ability to only edit one page, and to also see and edit the comments sent in for that page. It just seems as though most of the parameters for this plugin have to do with categories, and pages don’t have categories, so that doesn’t help me. When I follow the instructions to add them as a subscribe and give them editing ability on that page’s advanced tabs, they get a dashboard with no pages at all…or comments, or much of anything else…and can only access “their” page by going through their profile. I’m sure I’m doing something wrong but I’m pulling my hair it, I want something so simple and this plugin is loaded with so many pages and checkboxes that I’m overwhelmed, I guess. I had hoped it would be easier to use, and at this point I’m not even sure what I want to do is possible.

  191. Kevin

    Kayle, the process to let a user edit a particular page is just what you said:
    1. Enter the Edit Form for the page in question
    2. Find the Editors metabox, expand it, and tick the checkbox for the user in question
    3. Save the page

    We can talk about why that isn’t working for you, but there is no need to explore other plugin options for your implementation (though they may earn their keep in other situations).

    I’m wondering if you have the Adminimize plugin configured to disable the Pages menu for Subscribers. If not, can you give me some version info and experiment with temporarily disabling other plugins?

  192. Peter

    this is the error message:

    Role Scoper cannot operate because another plugin or theme has already declared the function “set_current_user” or forced early execution of “pluggable.php”. All posts, pages and links are currently hidden. Please remove the offending plugin, or deactivate Role Scoper to revert to blog-wide WordPress roles.

    would be nice if role scoper would follow wordpress programming guidelines, i.e. naming functions with a unique prefix … hope this is not too much to ask ….

  193. Kevin

    The function “set_current_user” is handled by WordPress as a pluggable function. This aspect of the WordPress API allows a plugin or theme to override certain core functions. I’ll not take the time now to describe why it’s necessary in this case, but rest assured this is not due to a misnamed function.

    I’m sorry you found the error message (describing a plugin conflict) unpleasant. If you can’t resolve the conflict, just deactivate RS to “unbreak” your WP install.

  194. felix

    I found a small bug: when using feeds with HTTP authentification (or by looking at the feed URL in the browser after logging in), the newest private posts will only show up when there’s a newer non-private post. I tested this with version 1.2.7 on WordPress 3.0.1.

  195. Pingback: Wordpress plugin Role Scoper returns 500 internal server error | ogge

  196. Leon Lee

    Hi Kevin,

    I would like to take this opportunity to congratulate you on developing such a fantastic plugin!

    I realised that my non-admin users are not able to see all posts and pictures in the media library, only theirs. Am I able to allow all users to see all the pictures and posts published by other users but only allow them to edit theirs? (Just like the original WP role settings).

    This question might have been asked and answered before, but I have been spending the whole day trying to search for the answer :)

    Thanks in advance for your time and help!

  197. Kevin

    Leon, add this to wp-config.php:

    define ( 'SCOPER_ALL_UPLOADS_EDITABLE', true );
    

    It won’t actually force them all editable, just viewable in the edit listing. The latest RC version includes a fix for the attachment count when that constant is set.

  198. Tomas

    Hi!!
    I found this plugin when I was looking for one that allows me to hide some categories and some articles (the whole article, not even display the title) to people who is not registered in my system or to users with a specific roll (let’s use “Subscribers” as an example).
    Is it possible to get what I’m looking for using this plugin?
    In the case of being possible, how should I configure it?
    Can I hide also those articles in the rss or protect them in some way (as I say I want to hide the whole thing, not even show the title)?

    Thank you very much for your help :)

  199. Katarsis

    Tks!!!!

    i wrote a veeeeety small snippet (like b plan )
    too basic but functional
    you must link a tag in the post editor

    if(!is_user_logged_in()) {
    //no user logged in

    echo ‘debes estar logueado’;
    }

    else {

    global $current_user;
    get_currentuserinfo();
    echo ‘nombre:’ . $current_user->user_login . ‘
    ‘;

    $tagpaciente= $current_user->user_login ;

    $new_query=new WP_Query();
    $args= array(‘tag’=>$tagpaciente);

    $new_query->query($args);

    if ($new_query->have_posts()) : while ($new_query->have_posts()) : $new_query->the_post();
    the_title();
    endwhile;
    else :
    // do stuff for no results
    echo’

    No hay nada para el paciente:

    ‘ . $tagpaciente;
    endif;

    };

    ?>

    i have tested Role scoper plugin too , (only config in post editor)
    powerful!
    with 2 clicks i achive the objetive

    thanks for the plugin

  200. Kevin

    Tomas,

    You can go to Restrictions > Categories, and restrict the Post Reader role for desired categories. Then use Roles > Categories to assign a Post Reader role to appropriate users or groups within the same category.

  201. Mike

    One more question. I autorised one user to edit a page but I also want to autorise him to create a new page under the page he’s allowed to edit. Is that possible?

    Thanks, Mike

  202. Pingback: Role Scoper – WordPress Sample Site – A Training Site – by Heidi Cool

  203. Dhany

    This plugin is very powerful. It is overkill for my purpose instead. :) Initially I only need something to plug the hole in WP Media Library where any user can see and even edit other user files. That is perfectly solved with RS.

    I’m still getting used to it, and need simple answer to simple questions:
    1. Can this plugin be used to restrict ability to view/select categories when a user create a post?
    2. Can the number of selected categories be limited as well?

    Thanks

  204. Airpilot

    WE’re building a ebsite using WordPress, BuddyPress, S2Member and a number of other plug-ins, to support a recreational club. Will Role Scoper allow me to set privs by page? Does it do this by not showing “Edit Page” at the bottom of pages not authorized for write by Role Scoper? Does Role Scoper add more priv choices than just the Free plus four provided by WP / BP ? Thanks, Airpilot

  205. Belajar SEO - Dhany

    Thanks for the email reply to my questions above. :) My mistake to put it in comment section rather than the Support Forum. Now I just want to say this is one of the greatest plugin I’ve ever used for my WP sites. I’m glad you develop it and I’ve made a vote to the plugin rating as well.
    I’m also interested to the service. Might make an inquiry within few weeks.

    Thanks, Dhany

  206. Blake

    It seems that this plug-in is working for everyone, but for the life of me I can’t seem to understand it. I am ultimately trying to have an role that just allows a person to be a comment moderator. It has no access to do anything else. No one is using the Editor role, so I decided to uncheck everything but moderate comments. That did not work, any help would be appreciated.

  207. Kutub

    I was wondering if there is any Plug-in to Hide all the Plug-ins on the site and just will show the Appearance. I would like to give access to my Webmaster to design and edit my site but I do not want to show the webmaster my other part of the site.

    Thanks

  208. Kevin

    You can use a simple role editor such as Capability Manager to remove create a role that includes the theme-related capabilities, but not plugin-related capabilites or “manage options”

  209. g86

    before i read the whole manual, is this plugin capable of creating a login page which allows 50 users to log in, accessing to extra page where each of these users will be able to download it’s own content?

    like accessing some documents, every costumer for himself. user database and page modification/adding files shuld be fairly easy too.

    thanks for your answer!

  210. Belajar SEO - Dhany

    Quick question: For a role with ability to write post and have access to all post categories, a member of that role then switched to another role with restricted post category (still able to write post), what will happen to their existing posts, which is put in category they no longer have access to?

  211. Rob

    Hey Kevin,
    Great Plugin, thanks alot! Quick question, Im having trouble allowing someone access to my blog to just moderate comments and thats all.

    Can you give me brief directions on how to setup a role for someone to just be able to moderate comments (edit, publish, delete, etc.)?

    Thanks.

  212. Derrick

    Hello Kevin, from what I have read this plug in seems very useful and I would like to explore its capabilities more however I have a question before I do so.

    I have a website that is almost done being developed that will showcase off real estate…our hopes are to allow users to sign up create a seller profile both real estate agents or people who just want to sell their own home. Currently in its build an admin has to enter in everyone’s listings but I would like to be able to allow each user with a profile to be able to enter in their own property listing…my dilema is under WP current access roles I have to make each person an author thus giving them access to much more than I want them to have.

    Do you think that this plug in “role scoper” would be my best option to allow my sellers the ability to list their own properties (ie: posts)
    Thanks Derrick,

  213. Pingback: 5 WordPress plugins για διαχείριση ρόλων

  214. Michael Keyles

    Just upgraded to the latest role scoper (1.3.36) and not it has disappeared from the back end. Previous version was working great. Can’t see role scoper it listed in plugins, roles menu is gone, etc. Tried to do a reinstall but the message comes back that its already installed. Running WP 3.1.2 Any ideas?

  215. Kevin

    Version 1.3.36 incurred a file transfer error on my end. The problem is with the directory structure for the version 1.3.36 download – not with the code itself. It’s now corrected, but anyone who updated to that corrupt ZIP file will need to manually move all files from role-scoper/role-scoper to role-scoper. The other option is to delete plugins/role-scoper, then reinstall via your WordPress admin panel.

  216. AD

    I admin a site which restricts content to logged-in users (premium). Currently each post is designated for the ‘Readers’ group of ‘WP Subscriber’.

    My question is how to allow occasional free posts to be visible by all, whether a subscriber or visitor?

    Forgive me if I’ve overlooked the documentation, and this seems to be a simple setting, but with so many options I have been unable to determine the answer here.

    Thanks in advance,

    AD

  217. Crystal

    Hi there! Great plugin, and I appreciate all the documentation. I’ve got everything configurednd tested for limiiting access so pages can be viewed only by subscribers, and so posts can only be viewed by the individuals I have assigned to them.

    The one thing I’m stuck on is preventing the COMMENTS on those limited-access posts and pages from being viewed by non-subscribers, i.e., anyone who isn’t logged in. I need the comments to follow the same rules as the content, but they’re visible to everyone.

    Howd do I do that? Thanks for the help, and thanks again for such a robust plugin.

  218. Crystal

    Nevermind! I just discovered Private pages ;-) That takes care of the comment display issue nicely because the whole darned page is simply not present…

  219. Pingback: (Mon) Top de plugins Wordpress | nitoo

  220. trusktr

    Seems like a very nice plugin!!! Very hard to learn without the usage guide though….

    Would this plugin be good for hiding certain aspects of the post editing screen from certain role (contributors)?

    Also, you should consider adding a plugin like “subscribe to comments” to your site or else I may never know if you’ve replied to this comment!

  221. Pingback: 90+ WordPress CMS Themes and Plugins - tripwire magazine

  222. Pingback: WordPress Plugin Releases for 07/08 | Serradinho

  223. a4jp.com

    Can I do something like this with your plugin?

    [WP viewer]
    Sign up today. *Don’t show this to people logged in.
    [/WP Viewer]

    [WP Subscriber]
    Thank you for logging in. *Only show this text to Subscribers.
    [/WP Subscriber]

  224. Kevin

    Role Scoper doesn’t deal with content blocks at this time. You can try Hide Post, using Capability Manager to edit the user level associated with each role.

    Or maybe the Members plugins would be a better fit at this time. It has some content block shortcode functionality.

  225. David

    I have a question.

    I’ve created a group and added a couple of users to it. These users are set to “Author”.

    I want to limit that group to be able to edit a few specific pages (and sub-pages) as well as be able to create sub-pages.

    I also want to have this group be able to edit and add posts to a specific category and the sub-categories of that one.

    Can you help me out and give me a step-by-step of what to do?

  226. Kevin

    David,

    1. Give your users a WP role of Subscriber.

    2. Give the group a “Post Author” role for desired category, assigning “for selected and subcategories” ( Roles > Categories )

    3. Give the group a General Role of “Page Author” ( Roles > General )

    4. Give the group a “Page Editor” role for desired pages ( Roles > Pages )

    5. Give the group a “Page Associate” role for any additional pages they should be able to create sub-pages on (without editing the parent page)

  227. Chad

    I’m trying to get the admin menus for your plugin to be invisible to low level members but I just can’t get them to go away. If a low level members clicks on them they get an access denied message but I’d rather they didn’t even know these menus existed.

    I’ve tried Adminimize, Advanced Access Manager and Admin Menu Editor to no avail. I even tried a snippet for the functions.php file. Nope.

    Any ideas?

  228. FanaticWeb

    Hi there, I just tried installing the plugin and got this error when I treid activating it: Fatal error: Call to undefined function submit_button() in /wp-content/plugins/members/admin/roles-list-table.php on line 91
    When I cross reference line 91 in that php file, I see this one:

    Where is the error exactly? Anyone else had a similar issue?

  229. FanaticWeb

    WOW this plugin is beyond anything else I have seen, it actually recognised the custom posts of my theme, the installation was smooth, left everything at its default state, but for some weird reason, only ONE section of my blog was giving me 404 errors:

    I’m using a classified theme (custom posts), in the main navigation menu, there’s a Dropdown for Categories to browse through, and no matter what category I choose, i get a 404 error, yet all the other pages are fine.

    I thought maybe its a permalink issue, went back and resaved the permalinks, to no avail, I then uninstalled RS just to isolate the issue and indeed, RS caused my main categories pages to be mislinked, why did it even target that page and nothing else??

  230. listweb

    Hello,
    I wonder how do all contributors can edit the post if the post is in category “wiki”.

    I’ve tried to use the plugin “Role Scope” but without success =(

    Any idea?

    Thanks!

  231. Chan

    I stumbled across your plugin, and it sounds like it will take care of a wishlist feature I’ve been craving, and much more. However, I want to ask the basic question first:

    I would like for all my posts to show to everybody on the home page, search results, etc, with the title and excerpt. When they view the actual post, I would like the content viewable by certain groups, like admins and contributors, but only the excerpt to everyone else.

    I am working on a collaborative research project, and I would like to share the summaries of contributions (excerpts) with anyone visiting the site, so they can get a gist of the work. But I would like the contributors to be able to view the juicy details (content) of other contributors, and edit their own. So, anyone visiting the site can learn that contributor Bob has “submitted my interesting weekend results” on tuesday, but other contributors can view the actual data from the results. I don’t want to hide post altogether from random visitors, the way a “private” post would. I would like them to get an edited view of our work in progress, which could be typed up in an excerpt. And the collaborating team members can still easily view the full details of each others’ submissions, just by logging in.

    Is this what the teaser feature will allow me to do? Create a post that has full content for some groups, but a teaser view for the rest?

  232. Kevin

    Chan,

    Yes, it sounds like the Hidden Content Teaser is what you need. Set it to one of the excerpt modes (adjustable for each post type). By default, private post visibility will also cause this teaser display, but can be configured to completely hide the posts if you prefer.

  233. Kyler

    Hi Kevin,
    Your plugin seems very well made and very capable. I am still learning exactly what it can do and what it is capable of. Thank you for your hard work and shared talents!

    What I’m trying to do is this: my site is a classifieds site for a particular city. In almost every case, the classifieds are free for the user to post. But there are certain ‘commercial’ categories I would like to restrict to only the Administrators.

    Is it possible to allow all posts/pages to be seen by everybody, but for the restrictions to be applied JUST to posting in certain categories? I tried to do this but found that those in the restricted group couldn’t even see the post categories.

    Thanks in advance,
    Kyler

  234. Pingback: 15 steps to developing a school website using WordPress | Technoteaching

  235. jellis00

    Role Scoper doesn’t appear to do one of the things I need. I need to control who can post on each page by User Role. All the plug-ins I see (including Role Scope) only let you control who has ACCESS to each page by User Role…not who has POSTING permission on each page by User Role. Does anyone know of a plug-in or how to do this?

  236. Kevin

    jellis00 – I’m going to assume that by “posting on a page”, you mean creating subpages of it. That’s a two step configuration with Role Scoper:

    1. assign the Page Author role via Roles > General

    2. assign the Page Associate role for desired parent pages via Roles > Pages (or via Associates metabox in each page edit form)

  237. Paulo Tresena

    Good morning to all!

    My name is Paulo Tresena, I live in Brazil and work as a developer.

    I am developing a site in WordPress and I need a restricted area for many users, where I would create the same name and password each.
    Each user would have their own area with their files.
    The redirection would be done through a form on a given page, which would check the name and the User and send it to their respective area.

    Anyway … I indicated that plugin, but found much difficulty and could not find any tutorial that could help me in this case.

    It is a very simple thing, but I’m very headache to accomplish.

    I ask for urgent help and now, thanks!

    Sincerely,

    Paulo Tresena
    paulotresena@gmail.com

  238. Colin Weir

    Hi there

    Thanks for this plugin! I am using your plugin for a while and it’s been working great, however I had some issues over the weekend and had deactivated it. Now when I reactivate it I get the following message appearing –

    “The plugin generated 1 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.”

    Is this anything I need to worry about and can I fix it?

    Thanks

    Colin

  239. Kevin

    Paulo,

    It sounds like you have some good ideas for customized file upload and display templates. That type of custom template could be developed in conjunction with Role Scoper but it’s not something that the plugin provides out of the box.

  240. Kevin

    Colin,

    Did you open one of the plugin files in an editor or re-upload via ftp? It sounds like you somehow picked up an line break or other whitespace character at the beginning or end of a file. It probably won’t matter, but could cause a “headers already sent” error depending on what your other plugins are doing. Try deleting the plugin files and installing a fresh copy.

  241. Mba helsinki

    I am working on a collaborative research project, and I would like to share the summaries of contributions (excerpts) with anyone visiting the site, so they can get a gist of the work. But I would like the contributors to be able to view the juicy details (content) of other contributors, and edit their own.

  242. Pingback: Conditionally disable Pages Children in WordPress | Snippets

  243. Pingback: Role Scoper | Lugoff, Camden and Northern RR

  244. Kevin

    @Mba helsinki: you could user Restrictions > Categories to set a default restriction on the Post Reader role for all categories. Then go to Roles > Categories and give the [WP Contributor] group a Post Reader role for all appropriate categories. Next, enable the Hidden Content Teaser with “excerpt as teaser” option.

  245. Suzanne Day

    Hi, I have Role Scoper 1.3.27 and recently updated to WordPress 3.3. When I click “Activate Plugin” on Role Scoper the whole plugins page goes blank and my website goes blank. I have to do a .hold on the plugin in ftp to get the website back again.

    I understand a previous web developer put a lot of time into setting up the settings for the Role Scoper we’re using, so I’m loathe to just delete it and reinstall…..can you advise on what I should do to get the plugin activated and working again?

  246. Pingback: Thinking Out Loud » WordPress Roles

  247. Pingback: 10 excellent & promising WordPress Plugins, some brand new | techx.tk

  248. Pingback: WP-Flock v0.1α Screenshots [ ALIS.ME ]

  249. CB

    Hi there. I want to create a custom role where a blogger can post photos and text content and can choose themes, but where all these changes require admin approval to be published. Is this possible?

  250. John

    Kevin, I am the webmaster for nptrouter.com on which we have used WordPress for a Guide-Blog. Within the blog, we want to have three pages: 1) a welcome page; 2) a Guide-Blog page; 3) a Customers page. We want everyone who visits the website to be able to read all content on all three blog pages and to make comments on all pages. However, we want to establish following permissions that are page specific as far as doing any posting to pages 2) and 3):
    Page 2): Only admin and designated editors/authors may post to this page.
    Page 3): Only admin and designated contributors (customers) may post to this page.

    We tried to use RS to do this, but can’t get it to work the way we want. When we think we have the restrictions and permissions set the way you describe for what we are trying to do, any and all posts by whoever appear on both pages.

    Can you please advise us how to set up RS to do what we want?

  251. Andre

    Hey Kevin. I’ve been trying out Role Scoper for a while on a site I’m busy developing. However, now I’m having some issues when I try disable it…

    With it enabled, the site responds as normal. But when I disable it, none of the pages finish loading in any browser. Internet Explorer at least gives me a warning about “a script is taking too long to run”, however in other browsers (namely Chrome and Firefox) the tab simply stops responding.

    To get the site working again, I need to log in using IE, stop whatever script is taking so long, and enable RS again. But this isn’t helping me right now since I need to disable it to test something else.

    I’m currently running WP 3.2.1 with RS 1.3.50. Any ideas here…?

  252. Andre

    You can ignore my previous comment, I just managed to disable and remove the plugin. Something seems to have messed with the parent/child relationships between pages though…

    I was using get_pages with ‘parent’ => 18 in various places in my theme (pulling featured images out of child pages), but now that code doesn’t work. I now need to alter all those lines to read ‘child_of’ => 18 instead. Using ‘child_of’ is quite probably a better way to do this anyway, however I can safely say this never gave any problems before I installed or while I was running RS, only cropped up after it was removed.

    Either way, I’ll keep digging to try find the true cause of the problem… If I find anything useful I’ll post back here. :)

  253. Kevin

    CB, to require admin approval for publication of new posts, just give your users a Contributor role. The Contributor role can be modified (using a role editor such as Capability Manager, Members or User Role Editor) to include the switch_themes capability. But neither WordPress nor any of my plugins provide a way for the theme switch to be moderated.

  254. Kevin

    John, your required settings are right in the Edit Page form. All you need to do is check the “Restrict for Page” checkbox in the “Editors” metabox. Then (in the same “Editors” metabox) select the users and/or groups who should edit the page.

    If you are also running the Revisionary plugin, you will need to also check the “Restrict for Page” checkbox in the “Contributors” and “Revisors” metaboxes.

  255. Pingback: WordPress Roles | Thinking Out Loud

  256. Emma

    Hi Kevin,
    I am using Role Scoper plugin for a year. Really great. Currently I have installed Event Manager plugin. The problem I am having the links(posts) for the events works well when viewing them when I am logged in to WP, but no links work when it is outside of WordPress (when you are not logged in). It seems to redirect to home page all the time. After extensive investigation I was able to find out if I disable role scoper, all the links work.

    Is their any solution to this problem?
    Any help will be greatly appreciated.

    Thanks,
    Emma

  257. Jana

    How can I copy the customized RS permissions from one site to another? I’m using a blog template plugin to copy the settings from one site (on multisite) to another, and I’d like to carry forward the page-level permissions that I’ve set up from one site to another (note: this is on a site that’s behind a university firewall, so I can’t share the URL here).

  258. Patrick

    I’m trying to add multiple users via comma-separate for a group using “Group Members” /wp-admin/admin.php?page=rs-group_members&mode=edit&id=12 is an example address of the page i’m on and everytime I update I get the following PHP errors but it still says Group Membershiop Updated and no users are added to the group.

    PHP Warning: array_diff(): Argument #2 is not an array in EDITED/wp-content/plugins/role-scoper/admin/group_members.php on line 139, referer: EDITED/wp-admin/admin.php?page=rs-group_members&mode=edit&id=12

    AND

    PHP Warning: array_diff(): Argument #1 is not an array in EDITED/wp-content/plugins/role-scoper/admin/group_members.php on line 142, referer: EDITED/wp-admin/admin.php?page=rs-group_members&mode=edit&id=12

    Example of list used:
    1223342,1123124,12412532,12312412

    I’ve tried both text and number only and with known WP User ID’s. Also a large number of usernames are numbers – would this be be causing the issue?

  259. miral

    Hi Kevin!

    Great plugin! Jen Z recommended it.

    I’m trying to restrict page and post edit access for all my users except admin.

    I installed the plugin.

    I went Restrictions -> Pages and made Page Reader the default role for all pages. However, every user type are still able to edit the pagess and posts.

    Am i missing something?

    Thanks!
    Miral

  260. Pingback: 12 Must Have Wordpress Plugins Dedicated to CMS Management

  261. Kevin

    Hello Miral

    Assigning a default Page Role grants additional access to the corresponding users for all subsequently created pages. It does not remove any editing access the user already has. If you set a default Page Restriction on the Page Contributor, Page Author and Page Editor roles, only pages for which a role is explicitly assigned will be editable.

    The other alternative is simply to remove the editing capabilities from their WP role.

  262. Pingback: 将WordPress扩展成CMS的12个必要插件 | 凯虎网

  263. Pingback: Role Scoper Plugin for Wordpress | Agapetry | | ResourcesResources

  264. Luis

    Hi
    f.o.a. great plugin probably the best i found for wordpress letting the administrator take control of everything in the site.
    But i found a really big BUG, if a user use the search engine all the restricctions are not kept. so any idea how to solve it, i mean, avoiding users to read some post if they are not in the adequate group whether or not they are using the search engine?
    Thanks

  265. scimon

    @miral, umm, all users have “Page Reader”, so you did not restrict anything. See the “WP Roles” tab of the Optional panel, and then choose a less common right.

    Hello, I’ve been using Role Scoper successfully for some time. I recently created some custom types and therefore had to adjust some realm settings. I noticed that Categories was checked, despite this not being something I was restricting with Role Scoper, so I unchecked it. Unfortunately, when categories is excluded form scoped realms, many of my categories become invisible. Any thoughts on how to fix that? It would be unfortunate to lose all of that heirarchical information if we ever had to remove Role Scope or upgrade to Press Permit.

    Thanks!

  266. pocoto

    Hi,
    the reason of this message is just to communicate a bug in the plugin i am hardly suffering.
    If a post is assigned to two categories and a user has read permission to one of them (and not to the other category), the user is still being allowed to read the post. it is supposed it has to be blocked isnt it? because there is a category which is not assgined to him with the read permission.
    how can i fix it? thanks in advanced

  267. Luis

    Yes Kevin you are perfect right. The problem with the search unleashed plugin is that it really does not care in the role restrictions/premissions. With relevansi v 2.9.XX works perfectly.

  268. Luis

    By the way my site is faceing the same problem pocoto relates, some kinda categories restriction inconsistance. Instead of the restriction being the leader, are the permissions.

  269. pocoto

    Thanks for the reply Kevin, great plugin and great support, thanks
    Could you take a look to the link you pasted, cuz i am trying to “solve” the issue my site has, and until it is not complete i am not allowed to 2launch” in the web.

  270. pocoto

    http://wordpress.org/support/topic/role-scoper-vs-search-engines-bug
    Cuz the topic was close even when i totally disagree with the moderator opinion.
    Actually it was closed while i was adding a comment, so just to thank you again the help and time you spent on my prob.
    Please apologize if i cause you any inconvenience during our discussion.
    As i keep writing GREAT GREAT plugin and thanks for your effort on helping others to get a perfect websites.

  271. Kate

    Hi! I love this plugin, thank you!
    I have a quick question – I want to display the role name in use on my wordpress front end, for example: “welcome, kate (role: custom-role-name)”
    I can retrieve the standard wordpress roles, but not for custom roles. Any tips on how to expose the custom role name to the blog UI?
    Many thanks!
    Kate

  272. Eugene

    I just want to let a user be able to edit one specific page that is assigned to them and absolutely nothing else. Is this possible with this plugin or is their a simpler approach (this seems overkill for the one feature I am looking for). Thanks!

  273. Jared

    This plugin looks like it contributes significantly to membership management!

    I am looking for a way to allow one member group to make post comments, while disallowing another group from doing so. Is this level of control possible with Role Scoper?

  274. Pingback: 35 Tips Tricks To Manage and Handle Multi-Author Blogs | Plugin.com

  275. Pingback: 12 Best WordPress CMS Plugins - E-seopro.com | E-seopro.com

  276. Manuel

    Hello!
    Thanks for your plugin.
    I have any problems.
    1. I configurated the Restrictions for users: categories-> restricted. With the categories the role scoper work well, but with the pages does not work.
    I need that any users can read, modify a page and they can “sent to editor for revision”. Too i need that the editors can “to autorize” this page and he can publish it.
    How can i restrict the pages? May i create pages parents? Or how can i to do it?
    When i restricted i have restricted “the new pages”, the users colaborators can not add new pages.

  277. Morena Briga

    Interesting and quite elaborate. I really was looking for a plugin like this.
    Please consider that the italian traslation is incorrect and quite misleading. I had to disable it in order to undersand it all. Thanks for this plugin!




Leave A Comment?

You must be logged in to post a comment.