WordPress.org

Ready to get started?Download WordPress

Ideas

Access Manager

  1. shazdeh
    Member

    12345

    WordPress should have a built-in mechanism for managing who can access what.
    There's already plugins for it, like Tadlock's Members plugin, and I can't remember if it supported custom administration pages or not, but this should be in WP core, because we need a consistent and reliable API.
    A plugin can 'register' a set of options (or it's administration menu[http://codex.wordpress.org/Administration_Menus]). WP picks it up and in it's access manager provides the options for the admin to choose who can access those options. The plugin can check weather current user have access to those options and do it's thing.
    This whole API could be integrated with WP's Settings API, so if you're using Settings API you get the benefit of automatic access management for the plugin or whatever.

    Posted: 2 years ago #
  2. shazdeh
    Member

    12345

    With a plugin, you can't be sure if your plugin user has it installed, but a WP API gives a reliable way.
    It's rather easy to implement and very useful. AFAIK, Drupal and E107 has this, and I couldn't install ModX! :)

    Posted: 2 years ago #
  3. As I already needed such a feature, I agree with the fact that this is a must have for a CMS as WP. It should belong to the core of WP and not only as a plugin. By default, this customization could be set as it is at the present time but with the possibility to custom every user access.

    Posted: 2 years ago #
  4. niredo
    Member

    I turn off user registration, and now no problem.

    Posted: 2 years ago #
  5. edehner49
    Member

    12345

    I agree with you, shazdeh.

    WP should have usable role-based access control built *in* and not rely on any plugins.

    I my case, I decided to use "user access manager" and realized that it has a security flaw. Meanwhile the plugin has gone offline. :-(

    Posted: 2 years ago #
  6. tittbit
    Member

    12345

    turning off user registration is not the solution for that,
    i suggest previously also that wordpress can release 2 versions
    one is advanced and one is general,
    advance may cover all the features like that, wordpress the leading cms can be beaten if the wp doesnt take any action about that.

    Posted: 2 years ago #
  7. cricinfo
    Member

    it is not the problem of unwanted registration which could be solved by only turning off registrations, its the matter of user permissions.
    plugins are not reliable , it should be include in core itself to make wordpress experience more secure

    Posted: 2 years ago #
  8. Ipstenu (Mika Epstein)
    Half-Elf Support Rogue & Mod

    tittbit - Never gonna have 2 versions of WP.

    And arshadd - Plugins are just as reliable as many core edits.

    Try Justin Tadlock's "Members" plugin if you want a good, well written, reliable, supported plugin.

    Posted: 2 years ago #
  9. biswajeet
    Member

    12345

    Yes we can use plugins, but in the long term for a good user management, there must be a solid user management system built into the core with extensibility feature with plugins. As It is seen that there is a lots of nice and new features development in different areas in WP except in user/role. I think it is time to take some good steps to develop fine tune granular type user/role permission...

    thanks!

    Posted: 2 years ago #
  10. Mike Mcmahon
    Member

    I just hate that security can be so easily manipulated with plugins. A flat out api built into the core is a brillant idea. Some sites using wordpress cannot afford to jeopardise their sites security by simply putting their trust in plugins.
    thanks!

    Posted: 2 years ago #

RSS feed for this topic

Reply

You must log in to post.

  • Rating

    12345
    9 Votes
  • Status

    This is plugin territory