[Hidden-tech] Best CMS for custom user permissions

Jeff Brand jeff at deltafactory.com
Fri Nov 13 09:22:32 EST 2015


As for the WP approach, you've got the big points covered.

Moving the permission checks into pre_get_posts or some other pre-query 
hook would fix a lot of issues. Feeds, loops, and any other outputs 
would reflect the proper item and item-counts without filtering by 
permission at the template level.

The labor intensive part depends on the rules and data structures. If 
you have access segmented by post type then it may be pretty easy. If 
you rely on per-post metadata, then it gets complex fast. The request 
parsing and query building code in WP are likely the biggest functions 
in the whole platform. You're right about the potential size of the task 
but at least you're in good company.

One suggestion: if you hook into parse_request then you can add 
meta_query and other parameters that will let the existing 
query-building code do the touchy SQL work.

On 11/12/2015 7:03 PM, Greg Perham wrote:
>
>
>
>
> /WordPress vs. Drupal vs. other/ question for you all:
>
> I'd like to know, in a general sort of way, how you would go about 
> configuring your CMS of choice for this scenario. Is the CMS built in 
> a way that easily facilitates this? What are the broad-stroke steps 
> you would perform to set it up?
>
> Guests (visitors not logged in):
> - cannot read Staff Blog
> - cannot read Staff Calendar events
> - can read /public/ Community Calendar events
> - cannot read /private/ Community Calendar events
>
> Community:
> - cannot read Staff Blog
> - cannot read Staff Calendar events
> - can read /public/ Community Calendar events
> - can read /private/ Community Calendar events
>
> Staff:
> - can read Staff Blog
> - cannot create Staff Blog posts
> - can create Staff Calendar events
> - can read all Community events
> - can create Community events
>
> Staff Contributor:
> - can read everything
> - can create Staff Blog posts and all event types
> - cannot edit Pages, etc
>
> - Staff Blog not included in any RSS feeds or sitemap
> - /private/ Community events not included in any RSS feeds or sitemap
>
> WordPress does have User Roles and a permissions system. The most 
> straight forward solution would be to create custom Roles and 
> permissions and then hide posts/events from being displayed, but that 
> doesn't block them from feeds and can lead to situations where you're 
> expecting 10 blog posts on a page and only get 8 because 2 of those 
> queried were skipped from display; it doesn't work on a category-wide 
> level, and certainly doesn't have any affect on creating posts. I 
> think you'd have to do some intricate work with `pre_get_posts` and 
> (forthcoming) taxonomy meta to truly block posts everywhere, and 
> create a front-end content creation interface to have the best control 
> over that aspect. In all, quite clunky and labor-intensive.
>
> I wrote a plugin that will do a much simplified version of this for 
> WP's built-in post categories using 
> `current_user_can('read_private_posts')`, but it falls far short of 
> the requirements above.
>
> So, do other CMSes have an integrated system for this sort of thing, 
> where you can control content visibility/editability/creation by 
> content type /and/ taxonomy? I've been told one of the major selling 
> points of Drupal is the permissions system. Am I overlooking a scheme 
> for an elegant solution in WP?
>
> And…go! :)
>
> Regards,
> Greg
>
>
>
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20151113/1763c84b/attachment.html 


Google

More information about the Hidden-discuss mailing list