Agreed. (Sounds a bit like BP GTM, which has those settings).
I know you (Tareq) said you’re not a big fan of BuddyPress, but… uploaded files would also need to be hidden from everyone except members of the BP group that owns the project. For example, I’m working on a site with a number of private groups, all of which may want to run projects, so the file- (and project / task / comment, etc) visibility would need to respect the group privacy settings of each BP group.
Currently all the file paths are hidden from a user. The files are served by proxy script to the user. So you don’t see the file paths anywhere except the media library. If you want to more secure the upload directory, you could turn on directory indexing with .htaccess.
I think the files need to be separated from the WP media library for 2 reasons.
I’m not currently worried as much about security as organization and bloat.
Keep the blogging/website side of WP clean. No reason to see 100 of random project files when I’m trying to locate an image for a blog post.
Also when I delete, or am done with a project I could remove the files simply by removing that projects directory, or this could be done by the project manager. This would also make it convenient to export all files specific to one project. This would enable the ability to add a feature to ‘download/archive all project files’.
Another thought, if I’m not a member of a certain project, I could simply snoop around the media library if I’m at an Author level or above.
Hiding from the media library will come in a future release.
I am also thinking to add a permission tab on projects to set which users can have which role/restriction, not sure yet what role should be there. Any thoughts on this?
Hiding from the library would help, but I still believe storing project files in their own location is ideal. Other plugins do this, Next-Gen gallery is a good example. That would also enable easy archiving of projects.
I could see it useful to be able to assign project management levels to different users on a per project basis.
Example: If I had a user that had a role of subscriber in WordPress (so they can’t muck with my WP install) but I wanted them to be able to admin/manage a specific project, this would be useful.
Maybe once a user is added to a project they could have a default low level permissions assigned with an option to upgrade their level within that project by the project creator.
Roles/Permissions
Level | Name | Permissions
Level-4 Admin – lower levels plus edit/delete/archive project
Level-3 Project Manager – lower levels plus can edit/delete others posts/files tasks. etc.
Level-2 Project Member – lower levels plus can view, post, upload attachments
Level-1 Project Subscriber – Upload restrictions, notify(email) other users restrictions, can’t create tasks/milestones, messaging restrictions ?…
I don’t have a current need for these roles, but it would be a good addition making the plugin much more powerful and flexible.
The front end editor would tie in nicely with roles also. Many people included on a project likely could care less about the backend and just come to a site to manage their respective project.
Permision should be assigned by the admin. Just a series of check boxes or something like that.
Is there a way the plugin could interface with the Members plugin?
This would be very flexible to make custom roles and permissions.
http://wordpress.org/extend/plugins/members/
