Initially this was developed for use on my own site to allow proposals I created for clients to live within my WordPress site as a custom post type but one that (even if someone stumbled across the URL) they wouldn't be allowed to see. But the uses are already going beyond that for me and I'm sure there are many implementations that I haven't even thought of.
Post Access
Within the
edit form for any of your post types (see below for configuration options that will determine which types of posts get this option) there is a new meta box that allows you to indicate what type of access controls you would like to enforce on that post. If you choose "By Individual" then you are given a list of all the current users for that WordPress installation. You can check as many of these checkboxes as you'd like to individually give those users access to that particular post. Similarly you can choose "By Group" from that same drop down and you will be presented with a listing of groups that users can be assigned to for more reusable combinations of users.
User Groups
As mentioned above, each post can have one or many user groups that are given access to a particular post. These groups are maintained through the "User Groups" forms that live within the "Users" menu in the WordPress admin. You can create as many user groups as you'd like and assign users to whichever groups make sense. There is no limit to the number of users within a group and there is no limit to the number of groups a given user can be in. These groups can make this a great tool for websites for organizations that have committees or teams that need access to some information but that information is not public. A user group can be setup and re-used over and over. And then if a member leaves (or is added) it only needs to be maintained in that one group definition rather than adjusting all of your posts.
These admin forms have been built with all the WordPress admin tools and structures so they feel like they are part of WP Core. Easy to browse through, filter results and maintain all of your groups and their members.
Configuration Options
There are just a few configuration options for this plugin available through the Settings menu:
- You can specify which post types should even have this option on the edit form. This can be nice when there are multiple administrators and authors and only some post types should have this sort of option.
- There is a place to enter the default access denied message that a visitor would see if they tried to access a post that they were not allowed to see based on the controls setup. This can be overridden within each post but it's nice to have a default if it's always going to be the same message you want to tell visitors.
- To make this fit with your preference on how the edit post form feels you can adjust the location that this new meta box should go to. This is a little generic because of how many options there are for WordPress to layout their admin but you get all the options that WordPress provides for locations on that form.
- Lastly you can control the "priority" of where that meta box falls in the location you specified. For instance if you put a high priority on something and put it in the "Along Right Side" location then it will be at the top of the right side above the publish box. Any other priority setting for the right side location setting will result in it being below the publish box.
Installation of the Post Access Controller is pretty standard.
- Download the zip archive of the plugin
- Extract the archive
- Upload that archive to the /wp-content/plugins/post-access-controller/ folder
- Go to the Plugins menu in the admin of your WP site
- Click Activate in the Post Access Controller line
- Go to the Settings -> Post Access Controller page to get a few things setup and configured.
- Done! You're ready to start editing or creating posts with all the access control you need.