WordPress.org

Forums

A core implemented acp (access control panel) (4 posts)

  1. Zoker
    Member
    Posted 10 months ago #

    Hi there,

    In my opinion the only real thing, that wordpress does not have on this own, is a core implemented ACP (like joomla has).

    I know there are many plugins, that try to add this feature, but it's not the same, as wp would includes it core.

    For example many plugin authors will add compatibility to their plugin to work with the wp access manager. So they can set, if user group xy can comment on a post or can access a certain page.

    So the admin can create/manage user groups and set right, the group has.

    What do you guys think?

    Thank you
    Zoker

  2. catacaustic
    very awesome
    Posted 10 months ago #

    While it's not a bad idea, and there's a lot of sites that would benifit from this, there's a lot more sites where it would be an administration nightmare. That sort of security should only be available when it's needed and it's able to be administered by someone that actually knows what they are doing.

    The majority of end-users out there wouldn't understand how ot set things up corrctly, and that means that any security would be effectly worthless because the wrong settings have been applied. The issue si that if people are given a way to easily change something that they know they shouldn't be playing with, they'll still change it anyway. As aprime example of that, look at how many threads on here say "help I changed the URl and broke everything" even though in every one of those threads it always says "don't do that!".

  3. Zoker
    Member
    Posted 10 months ago #

    Yes I understand your point.

    But think about an option, where you have to put a code into the config file (like multisite enabling):
    define('WP_ALLOW_ACP', true);

    Like the Multisite, this feature can cause many problems, if you handle it wrong. But I dont think, a user can break his wordpress, if he set some capabilities wrong:
    Based on the limitation, that the user cannot change the administration capabilities (that would be a very important thing, so the admin cannot devote his power by accident), the only bad thing that could happen is, that the admin gives a usergroup a permission they should not have (like change theme etc).

    But this does not brake the page! It does only cause an unwanted permission setting.

    So I think, when you make normal end-users as hard as possible, but the advanced user simple to activate that feature and if you put a "Be aware" message at the page, when the users tries to give a permission to a user, which should be permitted, I guess this would work fine.

  4. catacaustic
    very awesome
    Posted 10 months ago #

    But what happens when that unwanted permission is "delete whatever you like"? These things do happen, and as much as we always say "take backups, NOW!!!" people don't.

    I do fully understand what you are saying, and I can really see why it would be fantastic, but in reality it is best left to a plugin, and let "standard" website owners deal with permissions in a very known, and very well specified, way. As I said before, too many options makes people make too many stupid choices. This is really plugin territory, not core.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.