With WordPress 3.x came an increasing number of websites supporting multiple authors and contributors. The current problem I see is that you cannot restrict user access to particular installed plugins. Say, for instance, I want to grant a contributor access to create a post but not publish. By default, since next to ZERO plugins implement any form of access control, the contributor has full access to any plugins that modify the add post page.
This poses a substantial problem for blog admins looking to support multiple authors that have legacy plugins installed.
Since wordpress already controls active and inactive plugins, there is clearly a database identifier for each plugin. Simply use this identifier to create another table of role based permissions.
My proposal is to create a sub-page or addon of the plugins page to multi-select roles to give admin access to each of the plugins. This would thereby control not firing the add_action(‘init’) method for the given plugin when is_admin() is true.
I created proof of concept code for plugin developers that more or less gets my point across. You can view the example code here:
Unfortunately, it should not be this hard to add access control to plugins as the feature should be baked into WordPress. You guys need to suck it up and admit that the 3+ years of ACL requests actually mean something is missing.
I’ll build this into core for you if you want.
- The topic ‘ACL specifically for plugins’ is closed to new replies.