Ok, latest wordpress plugin modification. This time its of L. Fargue’s Restrict categories plugin.
- Users are assigned permissions to view posts in certain categories
- If users don’t have permission to certain posts, those posts aren’t shown, including in the main view and archives.
- Categories can be made public to everyone, and there is an option to force users to login.
- This is an initial version, so please report any errors or bugs.
Installation:
1) Download the plugin: http://wordpress.org/extend/plugins/allow-categories/
2) Unzip it
3) Copy to your wp-content/plugins directory
4) Activate within wordpress admin
5) Goto Managed->Allow Categories to edit permissions
Change Log:
0.6.4
Removed debug statement
0.6.3
Fix for recent posts
0.6.2
Remove debug statement
0.6.1
Added allow_list_categories($args) function that can be used in templates to replace wp_list_categories($args) functions. This is a work around until wordpress provide a proper hook for filter a list of categories, so its not perfect. It may work in place of some wp_list_cats() and list_cats() too.
0.6.0
Fix for (Public) posts and redirect to login
Admin users no longer show up in list for version 2.5+
0.5.9
Option to redirect to login if viewing a post or category that is not public and the user is not already logged in
0.5.8
Small bug fix to comment logic in 0.5.6
0.5.7
Allows editing of draft posts by non-admin owner of the draft.
0.5.6
Shows comment content for RSS for public posts or for RSS readers that
know that share login information with the browser (eg. Opera).
0.5.5
Bug fix that would show posts to users who had no categories listed.
Disclaimer:
This plugin is experimental and is provided with no support or warranty. It should not be considered as providing complete security to wordpress content.
I’m trying to use cutline with a category excluder.
I’m running into problems with ghost postings – cutline will show empty posts – no title, just a comment line – instead of not showing posts.
Also, it seems your plugin will by default show all posts. It needs to show only those categorites that the admin allows to the public.
My plugin is not the category excluder, it is the category allower. So by default you should have access to no categoires, as long as you’re not an admin.
Admin users can always see all categories, which makes sense, because they have the permission to edit if a user is in a certain category or not, including themselves.
I installed the plugin, but, um, where do i edit the permissions and such?
1) Make sure the plugin is activated in the plugins menu
2) Go to Managed->Allow Categories
Yan, I see what you mean about it allowing all posts. This is because I use this plugin to ensure the user is logged in:
http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/
Would it be possible to set permissions for a not-logged-in user in future versions?
I’m trying to set up a site with some categories visible to everyone and some categories only visible to logged in users.
Yea, I’m aware I need to add this, to have public categories, I’ll try get it into to a version soon.
If you’d got that working I’d praise your work highly! ^_^
Ok, version 0.3.4 is released with some pretty important fixes. Users that don’t have any permissions now can’t see anything, where as before they could see everything.
Release 0.4.0 will include the concept of public categories.
Ok 0.4.0 is out with public categories and optional forcing the user to log in. Try it out and let me know if anything is wrong.
I just installed 0.4.0 and it does not seem to quite work. My test post was visible on the blog front page to the public and to a logged in user who should not have been allowed to read it.
When trying to read the individual page containing only that one post, the post is not displayed to the public or the logged in user, which seems correct behaviour, but the content is already revealed via the front page.
Using WP 2.3.2
Any ideas?
PS, it also seemed to stop me deleting my test posts (as the blog admin), I had to turn off the Allow Categories plugin to delete the posts, it said I wasn’t authorised to delete them with the plugin activated.
Yes, in my haste to fix some things that didn’t work with version > 2.3 I broke more things. There is now yet another new version 0.4.3 which should fix things :-S
In order to get everything to work in all versions of wordpress > 2.0 I had to use a new method for filtering the posts, so there’s no guarentee I have got it work 100% correctly yet.
I know there are two issues still:
1) When viewing a single post, if there is a hidden post as previous or next, those links still point to those posts, although the content isn’t visible. I’m not sure if there is a way round this right now.
2) When editing a post that you have permission to edit because it is one category, but is also in a category you don’t have permission to edit, the 2nd category is removed. I need to find the best way round this.
Hi,
Trying 0.4.4. seems better regarding my above observations, but now I have a couple of issues with “search” (maybe somehow related to other plugins?)
With Search Everything
http://dancameron.org/wordpress
I find that if I configure Search Everything to look in comments, and I hit a result in a comment in a category I’m not supposed to see, then the post content is revealed to me from the search. If I then click on that content, say to view the post in a single post view, or see the comments, then I cannot and your plugin kicks in to prevent access. But too late!
With Search Everything, if I just try and search for content in the post, I don’t get a hit, which is what I would hope.
Likewise, with a different search plugin, Search Unleashed.
http://urbangiraffe.com/plugins/search-unleashed/
but here the problem is worse. If I search for content in posts I’m not supposed to be able to see, up they come in the search result (but again they are later hidden when trying to click on single posts, or category listings etc).
I would be interested to hear your comments on this, where any conflict might lie with the different plugins.
Hi YikYak,
My plugin hooks in when wordpress is queried for posts using certain functions. If another plugin or a theme query for posts using lower level functions or directly from the database, my plugin will not intercept those calls, so those plugins of themes might reveal data that would be hidden.
Without rewriting those plugins, or wordpress providing other functionality for limiting access to posts, I’m afraid there is nothing that can be done.
A great function to this plugin would be to allow users access to the category AND its category children. To make it more complicated allow the user create subcategorys for the allowed categorys.
Hi, James
I installed 0.4.4 and it’s been a breeze with the installation and in allowing categories according to user categories.
One thing, though, is that it interferes with access to Pages.
What I have in mind is for the public to have access to all the Pages (ABOUT, CONTACT, etc). But Allow Categories restricts access to ALL Pages.
Or am I not configuring this properly?
Yes right now that’s how it works for pages, I will have to modify to have it work fully the way you want. I’ll let you know when there’s a new version with that feature.
It works just great and it was just what I was looking for! Thanks for your great work! :D
There are a few times I can’t filter posts or comments, this is due to wordpress and I’ve raised a request here:
http://wordpress.org/support/topic/156810?replies=1#post-692852
Your plugin simply is great so thank you!
One nice thing, as previously mentionned here, would be to have pages displayed for all users, which seems to only be the case if you are logged in as admin.
Regards,
Nicolas
Actually Nicolas, if you get the latest version there is a (Public) line at the top which will make a post visible to all users.
Hurray, been monitoring your plugins for sometime waiting for a version to allow post for public. Finally it is here (Thanks). one question though, how to make “pages” become visible to public (since there is no category in the “pages”)
Love the plugin. Currently using it for a private blog of mine. What I am having problems doing is allowing RSS feeds. Because I force users to login, when they try to access the feed, it attaches itself to the login page, and not the actual posts. Any chance you can consider this for the next release?
Yes I know its an issue, RSS is very useful for checking whether a blog is updated. I know on the opera browser cookies are shared between the news reader and the browswer, so it can access the feed if you’re logged in already. Or if you don’t force login, public posts will be visible in the RSS feed (though not private ones).
I will consider adding it, but I’m not sure of the best way to do this yet, as there doesn’t seem to be a standard way for logging in with RSS feeds.
goenw, when i have time i’ll investigate pages.
Ok update on what I plan for RSS feeds.
Going to have an option to include just the title for hidden posts in RSS feeds and an option to not have to login to view the RSS feed. Best I can come up with for now. Will let you know when there’s a new version out.
James
Thanks for the great plugin
As you added a “default access” line for Public, could you support a “default access” line for “LoggedIn Users” so that we can have public categories and some others that are only accessible to identified users.
Another way to do this could be to have a default access per category for each new created user, so that it gets filled up automatically.
Frederic
sounds like a good idea frederic, shouldn’t be too difficult to implement.
Ok there’s a new version out, with RSS + Frederic’s request. Let me know if it works as expected.
really easy to use…if only allowed for page access…when that is fixed, this will be the exact plugin that I need. Thanks for your efforts!
Ok, there’s another new version which should handle pages a little better.
Basically the way pages worked before is they were admin only unless the default category (which gets asigned to all pages) had been marked public or logged in. There is now a seperate option to make all pages public (or logged in if you have force login enabled).
Hi,
Is it posible to redirect to login page when the public users access to restriction categories?
thank,
orakanggo
It maybe, though the place that I’m intercepting and removing categories might be too early for that. I’ll investigate.
Hey James,
I still use your plugin and I think it’s great. I’m still hoping for the “comment” bug to be fixed, but I do understand that’s on wordpress table.
There’s one thing I would really like if you did though: a changelog. It’s kinda hard to follow what the new versions bring and I always end up going through almost all the comments in here again to make sense of the new update. Anyway, love the plugin, keep up the good work! :-)
Trying to run Allow Categories 0.5.3 on a new wordpress install. If I have AC active, though, I get database syntax errors. When I deactivate the AC plugin the errors no longer appear. This is while using a MySQL 5.0 database. Thoughts?
Hi James,
Congrats on the development of such a great plugin. How much of a pain would it be to implement a third user (or usergroup) to access certain sensitive categories (ie: Public, Logged In and Author)? I’m aware that I can password protect posts in the “Logged in” categories but it sure would be useful.
Once again, congratulations, great work.
Gene
Gene,
By Author, do you mean the user level author within wordpress, or do you mean author of that specific post. They are both doable, but might take me a while to get round to.
James
Hey James,
Thanks for replying my comment. I’d be interested in user level within WordPress if ever you have the time and inclination to do so.
Once again, I’m really impressed with this plugin, works like a charm.
Thanks,
Gene
BTW James, I saw that version 0.5.4 is out, is this a bug fix release?
Gene
Krof: “There’s one thing I would really like if you did though: a changelog”
I second that motion… LOL!
:)
yep, so change log, hahah, i never intended to make as many changes as I’ve had to to this plugin, so I never got round to being that disiplined. Maybe I will one day.
For now 0.5.4 is a slight improvement. I had some hardcoded database names, these are now taken from the wordpress database object, so the should work on a variety of setups.
LOL! May I suggest that you just post the changes here, on the thread, until you decide on making a formal changelog?
Look at it from the user’s point of view. We see a new version and we have no clue as what it is, what it does, if new features are implemented, security or bug fixes, etc..
Cheers,
Gene
:)
Hey James,
first of all, thanks for creating this plugin! I think it’s excellent.
I am using it for a private blog and for easier access I decided to use a subdomain for that blog.
If I log into the blog via the subdomain route (which links me to the real path where wordpress is installed), write a post and then hit ‘visit site’ from the admin area (which links me back to the subdomain), I can’t see any posts. It is not recognized that I am logged in, consequently nothing is shown. Instead of ‘Site Admin’ is says ‘Log in’.
Is this a problem on my end? Or is this an issue with the plugin?
Thank you very much.
Peter
Would it be possible that if a user gets a link to a post in a private category, that instead of getting a 404 they could be redirected to the login screen and then back to the post which they first came from? /end run on sentence