Introducing Role Scoper for WordPress
Intro to WordPress Roles · Role Scoper Description · Acknowledgements · Download · Usage Guide · News
WordPress: Capabilities, Roles and Wish Lists
Whenever you access a WordPress site, the software considers what you are trying to do: read a post, edit a page, manage categories. Most sites allow you to read posts and pages without logging in. Any other operation you may request is permitted only if your user definition (as identified by login name and password) includes a corresponding capability.
For administrative convenience, WordPress bundles capabilities into collections called roles. By default, these roles are:
Subscriber:
- read published posts and pages
Contributor:
- all Subscriber capabilities
- contribute a post (for review by editor), and edit it before publication
Author:
- all Contributor capabilities
- contribute a post, publish/unpublish/edit it, and moderate its comments
Editor:
- all Author capabilities
- contribute/publish/unpublish/edit any user’s post
- contribute or edit any page
- manage all categories and moderate any comment
- read posts and pages which are marked “private”
Administrator:
- all Editor capabilities
- define users and assign them roles
- configure all site options
This role configuration works well for WordPress’ conventional application as a single-user blog. But what if you want someone to contribute their own pages without editing other’s post or pages? Or maybe some users should edit other’s posts without being able to edit pages at all. The current solution is to use an existing plugin like Role Manager to either redefine “Editor”, or create a cloned “Special Editor” role, moving existing Editors to it as needed. As plugins come on board with additional capabilities, the role permutations increase. This one-role-per-user paradigm makes for simple source code and queries, but as a site shifts from single-user blog to multi-user CMS, role creation / editing is inconvenient for both developer and site administrator.
If you manage to successfully define and assign custom roles for your WordPress CMS, soon you will wonder how to grant reading or editing capabilities for multiple subsets of posts or pages. On your WordPress-powered high school news site, how can you enable someone to post only to the “Sports” category? On your corporate intranet site, can you conveniently enable members of HR to edit existing and future personnel policy pages (but not the engineering best practices pages)? Can you enable someone to create a new page, but specify a subset of “parent” pages it can be linked to? Can all these content-specific roles be administered on a sectional basis, or must someone edit/administer the whole site or nothing?
By default, WordPress doesn’t have a good answer to those CMS dreams, regardless of any custom roles you may define.
Some past and current WordPress plugins (Limit Categories, Category Visibility, Post Levels, Restrict Pages, Disclose Secret, WP-Group-Restriction) have dealt with pieces of this permissions puzzle. Using them, I appreciated a multitude of useful features. Yet as I tried and tried again to combine and configure this plugin assortment to meet all my WordPress CMS aspirations, there was always a missing piece.
Enter Role Scoper
Role Scoper is a comprehensive enrichment for capability enforcement and administration in WordPress. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.
Role Selection Boxes in Edit Post / Page Form (note: for basic usage, this is all you need to deal with):
screen shot: Role Assignment Tabs in Edit Post
screen shot: Role Assignment Tabs in Edit Page
Optionally, define User Groups for subsequent Role Assignment:
screen shot: Edit User Group
Each User’s WordPress role is honored by default, but can be:
- supplemented with content-specific role assignments
- disregarded if the role is restricted for the requested content
screen shot: Scoped Roles in User Profile
Set Category Restrictions to block reading/editing access for users who have a specified WordPress role but no corresponding Role Scoper role (note, post/page restrictions also available):
Assign Category Roles to expand reading or editing access:
^ click to examine Category Roles User Interface (sample html)
Scoped role restrictions and assignments are reflected in every aspect of the WordPress interface, from front end content and navigation to administrative post and comment totals.
Additional features:
- Propagation of Roles or Restrictions to subcategories / child pages
- Default Restrictions, Default Roles and Default Groups automate admin tasks
- Hidden Content Teaser: choose whether unreadable front-end content is hidden or replaced with a customizable teaser
- Role Administration Aides: Post/Page role assignment UI indicates where users have a role implicitly via WP role, category role or group membership. (Made possible by a new role storage schema and users_who_can function).
- Pending Revisions enable Contributors to edit a published post/page, with the change held for review by an administrator update: Pending Revisions are now handled by the Revisionary plugin.
- Internal File Cache limits Role Scoper’s database query overhead
- Attachment Filtering prevents direct file access to your uploaded images/documents if the user can’t view the containing post/page
- Plugin API allows other plugins to define their own data sources, taxonomies, capabilities and content-specific roles
- User Customization of Role Definitions (add or remove applicable capabilities for each content-specific role)
Although Role Scoper’s default configuration is ideal for most sites, its functionality and sphere of influence is highly customizable to match your usage.
^ click to examine Role Scoper Options User Interface (sample html)
Due to its abstract data model and API, Role Scoper can be extended to bring content-specific access control to other plugins which define and check WordPress capabilities. The resulting plugin-specific roles will supplement any other assigned roles; there is no need to merge all capabilities into an all-inclusive role.
Role Scoper has been a stable release since March 2009, with over 200,000 downloads. This plugin is open source software released under the General Public License (GPL). Due to limitations, obligations and non-technical aspirations common to most human beings, I will probably never again donate unpaid plugin development on the scale Role Scoper has required. However, I do plan to provide some free support, correct bugs which emerge and revise the plugin for future WordPress versions. If it adds value to your website or saves you time and money, you can express appreciation in several ways:
- Download Role Scoper and try it out on your WP 3.0+ site. (legacy version for WP 2.7-2.9 also available).
- Add your own vote to Role Scoper’s plugin rating
- Submit technical feedback, including improvement requests.
- Submit a case study, explaining how Role Scoper helps you do something excellent and praiseworthy.
- If the plugin has seriously broadened your CMS horizons,
- If you are a seasoned web developer, grant me your professional opinion on how this work stacks up and how I might best make a sustainable career of it.
- Hire or refer my services to develop or enhance your site - quality care at reasonable rates.
Posted: May 15th, 2008 under News, Role Scoper, WordPress Plugins.
Comments: 429
429 Responses to “Introducing Role Scoper for WordPress”
Pages: « 11 10 9 8 [7] 6 5 4 3 2 1 » Show All
Time: July 11, 2010, 11:04 pm
Also, can Role Scoper be used to hide a page AFTER login? I have a page that says, essentially, "login here." Once someone has logged in, can Role Scoper be set up to hide that page?
Time: July 9, 2010, 3:50 pm
Can Role Scoper be used to hide/change/add profile fields?
Time: June 17, 2010, 3:44 pm
chryjs emailed to say that he suppressed the open_basedir error message by prefixing an @ before each is_dir call. Switching Role Scoper's Internal off may have also worked. It looks like his server file permissions are preventing the cache from working.
Time: June 17, 2010, 3:41 pm
Andrea: yes, Role Scoper can do that for you. See the Usage Guide.
Time: June 17, 2010, 1:04 pm
Brendan, take a look at Roles > Options > Advanced tab > Limited Editing Elements
Once you know the html ID of the plugin UI in question, you can suppress it (for specified roles) by adding that ID to the semicolon-separated list. In some cases, the Adminimize plugin can also help.
Time: June 17, 2010, 1:00 pm
I corresponded with Efren by email. He had some invalid WP Super Cache settings. Correcting those cleared the internal errors. Here are the details:
Despite a writable default .htaccess file, WP Super Cache Settings continued to indicate "unable to write Rewrite Rules". I also noticed that /.htaccess and /wordpress/.htaccess seemed hard-linked on the file system, and wondered whether this was confusing WP-Super Cache. The only way I got WP-Super Cache to show .htaccess as writable was by editing wp-cache.php (function wsc_mod_rewrite(), around line 580) to look at wordpress/.htaccess instead of /.htaccess
Even after the above change, WP Super Cache did not successfully auto-update .htaccess. I had to paste its displayed RewriteRules in myself.
Time: June 16, 2010, 5:58 pm
I have got a partial french translation if you want it.
Time: June 16, 2010, 11:18 am
Hello, thanks for this plugin (too bad it lacks translation maybe I can help). But I have plenty of these errors when modifyinbg or applying roles :
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/usergroups_for_ug) is not within the allowed path(s): (/mnt/159/sda/3/d/www.ecole.b) in /mnt/159/sda/3/d/www.ecole.b/wp-content/plugins/role-scoper/hardway/cache-persistent.php on line 500
Time: June 9, 2010, 9:31 am
Just trying to see if this plugin works fine for me.
I'll have this portal based on categories. Every editor can add a post BUT any post has to be only in one of the 25 categories I have (no matter wich one they choose, it has to be only one!).
Does this plugin helps me???
Is this possible? If yes, how or with wich plugin/s?
Thanks!
Reply
Time: June 3, 2010, 12:05 pm
Hi Kevin, quick question. When I log into my blog as a contributor I still have access to certain plugins from with the publishing a new post section. For instance, I'm using the WP to Twitter plugin and when a contributor logs in, they are given the option to NOT tweet the new post from the publishing area. Is there anyway to restrict plugin visibility from the publishing area within Role Scoper?
Time: May 17, 2010, 6:51 pm
Internal error supposes some problem with web server configuration. Maybe your server does not support some functionality.
Time: May 17, 2010, 6:49 pm
Efren, it seems you have some limitation on connections to MySQL maybe you should ask your host administrator?
Time: May 17, 2010, 1:19 pm
Role scoper will continually crash my site. When I try to activate it I get the following error:
This Page Cannot Be Displayed
Internal system error when processing the request for the page ( http://www.jamiesonschool.org/wordpress/wp-admin/plugins.php?activate=true&plugin_status=inactive&paged=1 ).
Please retry this request.
If this condition persists, please contact your corporate network administrator and provide the code shown below.
Notification codes: (1, INTERNAL_ERROR, http://www.jamiesonschool.org/wordpress/wp-admin/plugins.php?activate=true&plugin_status=inactive&paged=1)
It then says that the user has too many active connections. Any thoughts?
Time: May 17, 2010, 11:12 am
Benjamin,
Role Scoper is "MU aware." In fact I did the work to make it so at the request of clients, who have since confirmed MU compatibility.
I suggest temporarily defining WP_DEBUG as true in your wp-config.php file. You should then see a descriptive error message instead of a white screen. My guess is you didn't have enough free memory prior to activating Role Scoper and now you're exceeding your server's PHP memory limit.
If you need to follow this up with me, please bring it to the Support Forum.
Time: May 17, 2010, 2:35 am
I'm having an issue using this plugin on a Wordpress MU site. All blogs on this site display the main blog's navigation in the header, and they do this using the "switch_to_blog" function in the header, loading the navigation, and then calling the "restore_current_blog" function. The problem is that sub blogs (blogs that are not the main blog) with the Role Scoper plugin enabled render a blank primary navigation. My guess is that the way this plugin was coded is that it is not "MU aware" and hence can not check permissions on pages that are not in the same blog. I'm hoping to find a solution… has anyone else encountered this? Would it be hard to hack the plugin so that this works? Thanks.
Time: May 3, 2010, 9:13 am
Kevin,
Nevermind. I actually went to the support forum (should have went there to begin with) and found an answer.
For anyone else needing the same answer, this may give you some direction: http://agapetry.net/forum/role-scoper/check-if-user-has-a-certain-role/page-1/
Nate
Time: May 3, 2010, 8:55 am
Kevin,
Can I use RS to manipulate what a person has access to on the front page of the site? Or to be able to provide different things depending on the role? I realize that you can do it with posts/uploads, but is there a way (template tags?) to provide different navigation structure to varying groups created by RS?
For example:
Group A sees Navigation Structure A on the frontpage. Group B sees Navigation Structure B on the frontpage.
Thanks! Nate
Time: May 2, 2010, 5:02 pm
Oh sorry, it relates to this post from 2008. here's your reply. it's what I want to do
Stefano,
You can do that (enable Authors to edit one page and nothing else) as follows:
* Install the Role Manager plugin and use it to remove the "edit_posts" capability from the Author role. Can also remove all other caps except "read" if you want.
* While logged in as admin and with Role Scoper activated, edit the page you want Authors to edit.
* Expand the "Editor" dialog. Click on "Groups" and select "[WP Author]"
* Save the page
Prior to the new revision, these authors could still get into the "Write Post" / "Write Page", but could not save anything as published. Now they won't even see the "Write" menu link.
Time: May 2, 2010, 4:58 pm
I read a respponse some time ago for only allowing a user to have access to editing one page and access to nothing else. I'm quite new to wordpress but i'm getting there, just needed a walkthrough from one of you guys on how to set this up. It's for a free biz directory in the village. Ive installed the plug in but dont want to mess with it until i know exactly what to change. I understand it's the "auther role" and removing things, but according to an earlier post alot has changed since. Maybe I'm trying to hard.
Time: April 26, 2010, 12:30 pm
No, Role Scoper does not edit (nor require editing of) any WP core files.
Time: April 26, 2010, 11:41 am
Hi Keven!
I was wondering if the Role Scooper plugin edits any of the WP core files in the wp-admin or wp-includes folders?
Time: April 12, 2010, 12:30 pm
Cufflinks, You can review your options for this at Roles > Options > Features tab > Hidden Content Teaser.
If you set the teaser mode to "excerpt or pre-more" and place a more tag after the second paragraph in each post, Role Scoper will cut off the teaser content there. There's currently no way to automate that paragraph cutoff.
Time: April 8, 2010, 1:44 pm
David,
If you need those users to retain a WP role of "Editor", use Capability Manager to remove the "edit_pages", "edit_published_pages", etc. capabilities. You could also increase the Author's post editing capabilities. In fact, if that's all you're trying to accomplish you may not need Role Scoper at all.
Time: March 31, 2010, 11:06 pm
Hi There
This Role Scoper plugin seems really useful! I think its alot more sophisticated than a password protected page.
I saw the description and screenshot, but I am not sure if it will apply to what I am after.
Essentially, what I hope to achieve is something similar to this site: http://www.mckinseyquarterly.com/Four_ways_to_get_more_value_from_digital_marketing_2556
If the user is not logged in, the site will limit the display to 2 paragraphs (just an excerpt and not the full article) and require the user to register or login to read the full article. I like this approach as it will help generate and grow the readership. Do you know if your plugin can serve this simple requirement?
I am in the middle of building my WordPress site and it will not be a blog but more of a CMS.
Would be great to hear your thoughts. Thank you!
Time: March 31, 2010, 11:00 am
Hi.
I've used your fantastic plugin largely to great success. I am trying to set authorization for a user whom I want to give complete post & category access but no page access at all. I've managed to get it to a point where this user (who I created as an Editor) can't see any of the already created pages in their 'backend' but unfortunately they can still create new pages.
I'd be really grateful for any suggestions.
Thanks in advance.
Time: March 30, 2010, 12:37 pm
Courtney, Did you read the instructions in "Other Notes" in Role Scoper's WP plugin directory entry?
To hide Post/Page menus, try the Adminimize plugin.
Time: March 30, 2010, 12:19 pm
Hello,
I'm trying to get this to work with Flutter. I have several Flutter write panels and different groups who should only have access to a few of them.
I have RS working — kind of. It doesn't remove the whole write panel if the person doesn't have access to that write panel's page or post category.
For a Flutter write panel that holds posts of a certain category, if you don't have access to the category that those posts are associated with, then you can't manage the items. However, you are able to create a new post from that Flutter write panel. I suppose this is because at this point the post hasn't yet been created and therefore associated with that category (which it does by default in that write panel). So, ideally, we'd just not give people access to the left navigation flutter item.
Also — it would be nice to be able to shut off access to the Posts and Page navigation items. Because those still hold all of the Flutter posts and pages.
Any thoughts? Thanks.
Time: March 20, 2010, 10:16 pm
Michael, Role Scoper has an Attachment Filter functionality which limits access to uploads which are attached to a Private or Restricted Post/Page. Just assign the Post/Page Reader role to those who should access the uploaded file(s).
Time: March 18, 2010, 1:00 pm
Nice plugin. May I use it for separation of access rights to uploaded files? I need that particular users may download only those files that are assigned to them.
Time: March 13, 2010, 5:14 am
Kevin, thank you for explanation of Wordpress roles. I used this blogging engine for a 5 years but only today I learn about differences between user roles. The fact of the matter is that I started some blog project where I need that users may enter his own post without access to options that are available for admin. As I see your plugin help to customize user roles more easy than Wordpress do it.
Time: February 26, 2010, 5:38 pm
Jeff,
(1) - I've never used that plugin; will look into it when I get time. Maybe you can explore that and tell me what you find.
(2) - Yes, as long as they're logged in the direct file URL will return the actual content without any WordPress wrapping.
(3) - Yes, the unattached uploads would be blocked from all roles except Administrator.
Time: February 23, 2010, 7:09 pm
Oscar, You can find those release notes in the WP Plugin Directory.
Time: February 23, 2010, 2:52 pm
Thanks a lot for this plugin, it is very useful and reliable! Keep up the good work. I was wondering if you have release notes for 1.1.7? I found a post regarding 1.1.6, but can't find it for the latest rev. Do you have a change log for the latest version?
Time: February 21, 2010, 10:43 am
Hi Kevin,
Very nice plugin! I'm hoping to use this for an intranet for a non-profit board, and I have just a few questions.
1. I'd like for everyone who types in our address to be presented with a login screen; if they have a username and password, they are taken to content, not admin. It looks like RoleScoper doesn't do that. Can your plugin coexist with something like the plugin "Restricted Site Access"?
2. I want to make sure that uploaded files are secure, and only accessible to those with the permissions associated with the posts/pages to which that file is attached. (Admittedly, this is the biggest reason I'm interested in your plugin; we aren't going to have that many roles, although I'm sure I'll make use of them, especially as things expand.)
So, each board member will be a "subscriber" and all posts will require at least that role.
Am I correct in understanding that if we were to send a link to an attached file in an email to one of the board members, they could click that link and get access to the file, as long as they are logged into the site? Without having to go the page?
3. I noticed this text on the WP Plugin site, under Attachment Filtering: Normally, files which are in the uploads directory but have no post/page attachment will not be blocked. To block such files, copy the following line to wp-config.php: define('SCOPER_BLOCK_UNATTACHED_UPLOADS', true);
Does this block access for everyone, regardless of role? I assume that the idea is you could upload files in advance of attaching them to a post or page, knowing that they are secure until you have defined their access.
Thanks so much for your help.
Jeff Miller
Time: February 15, 2010, 11:44 am
thanks for making this plugin, it seems to be rather complex, which scares me a bit, but I just read a ton of this page and am now going to try to implement it. I already downloaded it a few minuteas ago right into my wordpress account. Thanks, my aplogies for future support questions if they happen., Adam
Time: February 5, 2010, 8:34 pm
[...] » Brand Control – A Brand Management Plugin For WordPress. How Do I Uninstall Internet Explorer From My Pc? - Brand Management WorldWordpress Plugin – Booking CalendarRole Scoper Plugin for Wordpress | Agapetry [...]
Time: January 29, 2010, 4:13 pm
[...] Tighter integration with WordPress's built-in functions. Now all my custom MySQL queries are gone, and WordPress is used for everything. This makes stripShow compatible with plugins that might modify the WordPress query, like Role Scoper. [...]
Time: January 22, 2010, 9:50 pm
[...] of these was limiting users to certain categories. If this were my only need, the very useful Role Scoper plug-in would have worked wonderfully. However, there were a number of other requirements that Role [...]
Time: January 21, 2010, 3:53 pm
Johnathan,
I finally reproduced this, and fixed it in the updated Role Scoper Development Snapshot. I plan to push that into a stable release by the end of the week.
The info I was missing was that the error occurred during a WP-mu upgrade operation.
Pages: « 11 10 9 8 [7] 6 5 4 3 2 1 » Show All
Time: July 18, 2010, 9:50 am
[...] 2. Role Scoper Plugin for WordPress | Agapetry [...]