Role Scoper

Screenshots

Role Scoper is a comprehensive access control solution, giving you CMS-like control of reading and editing permissions. Assign restrictions and roles to specific pages, posts or categories. Role Scoper is no longer actively developed.For feature requests (including plugin compatability issues) and WP 3.7+ compatibility try the successor plugins, Press Permit Core and Press Permit Pro. See the RS-PP feature comparison grid for details. How it works: Your WordPress core role definitions remain unchanged, and continue to function as default permissions. User access is altered only as you expand it by assigning content-specific roles, or reduce it by setting content-specific restrictions. Users of any level can be elevated to read or edit content of your choice. Restricted content can be withheld from users lacking a content-specific role, regardless of their WP role. Deactivation or removal of Role Scoper will return each user to their standard WordPress access (but all RS settings remain harmlessly in the database in case you change your mind). Scoped role restrictions and assignments are reflected in every aspect of the WordPress interface, from front end content and navigation to administrative post and comment totals. Although Role Scoper provides extreme flexibility and powerful bulk administration forms, basic usage is just a set of user checkboxes in the Post/Page Edit Form. Partial Feature List WP roles work as is or can be limited by content-specific Restrictions RS roles grant additional Read or Edit access for specific Pages, Posts or Categories Define User Groups and give them one or more RS roles Can elevate Subscribers to edit desired content (ensures safe failure mode) Control which categories users can post to Control which pages users can associate sub-pages to Specify element(s) in Edit Form to withhold from non-Editors Grant Read or Edit access for a limited time duration Limit the post/page publish dates which a role assignment applies to Customizable Hidden Content Teaser (or hide posts/pages completely) RSS Feed Filter with HTTP authentication option File Attachment filter blocks direct URL requests if user can’t read corresponding post/page Inheritance of Restrictions and Roles to sub-categories / sub-pages Default Restrictions and Roles for new content Un-editable posts are excluded from the Edit Posts/Pages list Optimized to limit additional database queries XML-RPC support Integrates with the Revisionary plugin for moderated revisioning of published content. Supports custom Post Types and Taxonomies (when defined using WP schema by a plugin such as Custom Post Type UI Extensive WP-mu support Template Functions Theme code can utilize the is_restricted_rs() and is_teaser_rs() functions to customize front-end styling. Other useful functions include users_who_can(), which accounts for all content-specific roles and restrictions. For more information, see the Usage Guide or Support Forum. Support Author periodically reviews support forum and addresses any major bugs on supported WP versions. Author is available for professional consulting to meet your configuration, troubleshooting and customization needs. Documentation A slightly outdated Usage Guide is available. It includes both an overview of the permissions model and a How-To section with step by step directions. Volunteer contributions to expand, revise or reformat this document are welcome. Role Scoper’s menus, onscreen captions and inline descriptive footnotes can be translated using poEdit. I will gladly include any user-contributed languages!. Plugin Compatibility Issues Custom WP_Query calls : Often, conflicts can be resolved by specifying a post_type argument. To prevent improper filtering of front-end ajax calls, pass required_operation=read WP Super Cache : set WPSC option to disable caching for logged users (unless you only use Role Scoper to customize editing access). WPML Multilingual CMS : plugin creates a separate post / page / category for each translation. Role Scoper does not automatically synchronize role assignments or restrictions for new translations, but they can be set manually by an Administrator. QTranslate : Role Scoper ensures compatibility by disabling the caching of page and category listings. To enable caching, change QTranslate get_pages and get_terms filter priority to 2 or higher, then add the following line to wp-config.php: define('SCOPER_QTRANSLATE_COMPAT', true); Get Recent Comments : not compatible due to direct database query. Use WP Recent Comments widget instead. The Events Calendar : Not compatible as of TEV 1.6.3. For unofficial workaround, change the-events-calendar.class.php as follows : change: add_filter( 'posts_join', array( $this, 'events_search_join' ) ); add_filter( 'posts_where', array( $this, 'events_search_where' ) ); add_filter( 'posts_orderby',array( $this, 'events_search_orderby' ) ); add_filter( 'posts_fields', array( $this, 'events_search_fields' ) ); add_filter( 'post_limits', array( $this, 'events_search_limits' ) ); to: if( ! is_admin() ) { add_filter( 'posts_join', array( $this, 'events_search_join' ) ); add_filter( 'posts_where', array( $this, 'events_search_where' ) ); add_filter( 'posts_orderby',array( $this, 'events_search_orderby' ) ); add_filter( 'posts_fields', array( $this, 'events_search_fields' ) ); add_filter( 'post_limits', array( $this, 'events_search_limits' ) ); } PHP Execution : as of v1.0.0, mechanism to limit editing based on post author capabilities is inherently incompatible w/ Role Scoper. Edit php-execution-plugin/includes/class.php_execution.php as follows : change: add_filter('user_has_cap', array(&$this,'action_user_has_cap'),10,3); to: add_filter( 'map_meta_cap', array( &$this,'map_meta_cap' ), 10, 4 ); replace function action_user_has_cap with : function map_meta_cap( $caps, $meta_cap, $user_id, $args ) { $object_id = ( is_array($args) ) ? $args[0] : $args; if ( ! $post = get_post( $object_id ) ) return $caps; if ( function_exists( 'get_post_type_object' ) ) { $type_obj = get_post_type_object( $post->post_type ); $is_edit_cap = ( ( $type_obj->cap->edit_post == $meta_cap ) && in_array( $type_obj->cap->edit_others_posts, $caps ) ); } else { $is_edit_cap = in_array( $meta_cap, array( 'edit_post', 'edit_page' ) ) && array_intersect( $caps, array( 'edit_others_posts', 'edit_others_pages' ) ); } if ( $is_edit_cap ) { $id = $post->post_author; if ( isset( $this->cap_cache[$id] ) ) { $author_can_exec_php = $this->cap_cache[$id]; } else { $author = new WP_User($id); $author_can_exec_php = ! empty( $author->allcaps[PHP_EXECUTION_CAPABILITY] ); $this->cap_cache[$id] = $author_can_exec_php; } if ( $author_can_exec_php ) $caps []= PHP_EXECUTION_CAPABILITY; } return $caps; }<h3>Attachment Filtering</h3> Read access to uploaded file attachments is normally filtered to match post/page access. To disable this attachment filtering, disable the option in Roles > Options or copy the following line to wp-config.php: define(‘DISABLE_ATTACHMENT_FILTERING’, true); To reinstate attachment filtering, remove the definition from wp-config.php and re-enable File Filtering via Roles > Options. To fail with a null response when file access is denied (no WP 404 screen, but still includes a 404 in response header), copy the folling line to wp-config.php: define ('SCOPER_QUIET_FILE_404', true); Normally, files which are in the uploads directory but have no post/page attachment will not be blocked. To block such files, copy the following line to wp-config.php: define('SCOPER_BLOCK_UNATTACHED_UPLOADS', true);<h3>Hidden Content Teaser</h3> The Hidden Content Teaser may be configured to display the first X characters of a post/page if no excerpt or more tag is available. To specify the number of characters (default is 50), copy the following line to wp-config.php: define('SCOPER_TEASER_NUM_CHARS', 100); // set to any number of your choice