User Permissions Plugin
User Permissions is a plugin that takes the simple WordPress permissions models one step further and allows you to assign permissions to specific posts that restrict users or roles from reading or editing it.
To summarize:
- Restrict reading or writing of post or page according to the user's role (i.e. prevent non-registered users reading a post)
- Allow specific users to read or write a post or page
- Permissions are assigned directly inside the post itself - there is no additional interface
- Fully localized
This plugin works very well with Red Alt's excellent Role Manager plugin. If you are interested in using permissions then you will probably be interested in that too.
Installation
The plugin is simple to install:
- Download user-permissions.zip
- Unzip
- Upload
user-permissionsdirectory to your/wp-content/pluginsdirectory
You can find full details of installing a plugin on the plugin installation page.
Usage
Using the User Permissions is very simple. When you are editing a post or page a new form will appear to the right of the content:
When a role is enabled, all other roles are restricted. That is, if you give the administrator read and write access to a post then all other roles that are not enabled are restricted. If no roles are restricted then access is determined by the WordPress defaults.
The user section allows you to additionally specify user IDs (comma-separated) that are specifically allowed access. Any user listed here is allowed access, even if they are otherwise denied by their role.
If you restrict read access to a post then it is removed from the home page, search results, and archives, for anyone who does not have permissions. You can additionally define a post ID which will a restricted user will be redirected to should they attempt to view the post.
An administrator cannot be restricted.
Support
Please direct all support questions to the User Permissions support forum. Any support questions left on this page may not be answered.
Bugs & New Features
A full list of all bugs can be found in the User Permissions issue tracker.
A full list of all requested features can be found in the User Permissions feature tracker.
Comments
Nov 4, 2006 7:08 pm
This seems like a useful plugin, but I am having trouble getting it to work. When I edit a post, I set Roles to "Allow" and check a few boxes. But when I save the post all the settings in the permissions box go back to the default. Does that mean that it is not saving the settings?
I was trying to test whether or not the plugin will block an unregistered user from reading the posts.
I am using the latest Wordpress (2.0.5).
Nov 4, 2006 7:09 pm
Also, I just noticed that in the permissions box none of the users are listed.
Nov 8, 2006 11:46 am
does not work for me.
neither with role manager nor without.
Nov 8, 2006 11:51 am
sorry, please delete my previous comment....
of course it's possible to grant/revoke edit permissions,
it's only not possible to hide posts....
Dec 15, 2006 3:12 am
It does not work for me either. It just does not save the settings. After hitting Save or Publish it just reverts to the default ignore settings...
Dec 29, 2006 4:43 pm
It wasn't working for me either, so I had a dig around and found that "unserialize" needs to be called twice in "get_restrictions". Like all the best hacks, I have no idea why, but it works and that's all I wanted!
You can apply the fix by changing line 190 from:
return unserialize ($row->meta_value);
to
return unserialize(unserialize($row->meta_value));
Hope that helps.
Thanks for the plugin too, it's exactly what I was looking for!
Jan 10, 2007 11:55 am
This isn't working for me at all. The settings are not saved.
I have tried the 'unserialize' hack but that hasn't worked. You say that the 'edit_permissions' capability should be created with role manager but how do I do that?
Any ideas? It's perfect for what I need... if only it worked!
Jan 14, 2007 4:40 am
I have the same problem as Paxton i.e. I hit publish and the settings aren't being saved.
I tried Phil's hack and unfortunately that didn't seem to fix the plugin.
Please help fix this plugin - it is an amazing addition to the WP admin.
Thank you
Jan 14, 2007 5:24 am
okay, the per-post privilege settings seem to work great for 'Posts', but not at all for 'Pages'.
Suggestions?
(thanks again for writing much needed this plugin)
Jan 19, 2007 4:30 am
I agree, per-post privileges don't work for 'Pages'. I am using Wordpress 2.1 release candidate and need this plugin for our schoolhomepage.
Jan 26, 2007 6:16 am
argh. this is driving me crazy because this plugin seems to be perfect. it just don't work!
I tried Phil Newston's hint "line190: return unserialize(unserialize($row->meta_value));" in fact it made the permission settings save correctly. unfortunately this just hast no effect.
a page with a permission (ALLOW) for one special usergroup can still be seen by anyone ...
is it because auf my wordpress version? (2.0.7 - german as the 2.1 didn't work with "Role Manager")?
It would be great if anyone had an idea to solve this!
Bernd
Feb 1, 2007 4:13 am
erm.. perhaps I didn't understand the purpose of this plugin right.
I need to restrict specific pages and posts to certain Frontend(!) Users/Groups.
And this plugin only restricts the use of pages and posts for backend users? Sorry for this misunderstanding.
..hmm...isn't it somehow possible to transfer this model to frontend users as well?
Bernd
Mar 6, 2007 6:16 pm
Role Manager is now being actively managed by Thomas Schneider at
http://www.im-web-gefunden.de/wordpress-plugins/role-manager/
Current version works with WP 2.1
Jul 12, 2007 8:09 am
Yes, it doesnt work. It will not save the permissions that Ive selected. Each time I go back to the post, I can see that it has deleted my selections and revered back to ignore.
Jul 27, 2007 12:22 am
Hmn...Just wondering if it would be better to have a 'user' drop-down list for "Subscriber" "Author" ... since some blog may have hundreds of registered users. An ajaxified minimize and maximize the users list would also be good =P.
Aug 14, 2007 12:49 pm
This is great. Its almost exactly what I need... almost
Phil's hack worked for saving the permissions. Thanks.
I need to allow specifiic users to be able to edit pages. Has anyone come up with a hack that will allow this?
Thanks in advance!
Aug 14, 2007 4:07 pm
To make the permissions affect Pages, add the following after line 178:
case 'edit_pages':
break;
case 'edit_others_pages':
$restrictions = $this->get_restrictions ($args[2]);
if (is_object ($restrictions) && $restrictions->is_restricted ())
$all['edit_others_pages'] = 0;
break;
This will work for Roles but the list of Users doesn't appear for me to add per-user restriction.
Aug 16, 2007 3:34 am
this really looks like it should be built into wordpress, has anyone gotten it to work with the latest WP ?
It's not displaying the permission box
Aug 20, 2007 8:25 am
The plugin seems to want to work, but permissions do not get set upon saving a document via 'Manage Posts'.
WP 2.2.1
Aug 24, 2007 12:54 pm
Can't seem to get the sidebar box to appear at all in WP 2.2.1 - anyone have a trick for this?
Aug 24, 2007 1:20 pm
Marcus... I think this project is dead. While the plugin module appeared for me (on the actual 'post edit' page), the plugin isn't attached to any database. So I don't know how it is expected to work.
In both WP2.2.1 and 2.2.1 I can check the fields, but without a table, check selections are obviously not remembered.
I welcome anyone to show me the error in my ways... because I'd really like it to work.
Aug 24, 2007 3:50 pm
I seem to have the opposite problem, I can't see the fields, but it is creating a _permissions metakey and metavalue in the postmeta table, so it definitely can save data. I'm going to try and figure out how to fix it up so we can use it, I'll let you know if I get anywhere.
Aug 24, 2007 3:58 pm
Marcus. You can contact me through http://wordpress.obeidlab.com/contact-us . I'll let you see what is going on with our site... and maybe even help with a solution.
Aug 24, 2007 4:30 pm
Alright, I think I've fixed it. Still have to test to make sure the actual restrictions work, but I can see the form and the data saves correctly!
Fix #1 (aka why the sidebar box wouldn't show)
Line 111: Remove the space between can_restrict and the () like so:
if (Permissions::can_restrict() && ($authors = get_editable_authors ($current_user->id)))Fix #2 (aka why the data doesn't seem to save - it's actually saving but it's being read back incorrectly)
Line 190 Replace this:
return unserialize ($row->meta_value);With this:
$results = unserialize($row->meta_value);$results = unserialize($results);
return $results;
That should do it! Now to make sure the plugin actually does it's job!
Aug 27, 2007 12:12 am
Version 0.5 has been released which fixes all known problems and adds the ability to restrict reading of posts. Note that the way the plugin works has changed. Existing permissions will be automatically migrated
Aug 28, 2007 1:11 pm
Marcus- I tried your changes to the previous version of user-permissions but did not see any change in performance. I tried
$results = unserialize($row->meta_value);
$results = unserialize($results);
return $results;
both with and without surrounding {} (I assumed you meant to include them).
John- version .5 does not behave correctly. The only settings that took were to supply a user with both read and write. However, the result of this operation was to block ALL users from reading or editing the post... including the admin. I can give you access to my sandbox if you would like to see/test for yourself.
WP version 2.2.2
PHP version 4.4.7
MySQL version 5.0.27-standard
Sep 3, 2007 9:21 pm
Rich,
I've tested and retested version 0.5 but everything works fine for me. If you have a sandbox then send the details in an email and I'll take a look at what's happening
Sep 3, 2007 10:52 pm
Sent! Please let me know if you don't get it.
Sep 8, 2007 8:46 am
I'm curious as to the difference between User-Permissions and Disclose-Secret and if we are using User-Permissions do we even need Disclose-Secret ?
Sep 8, 2007 9:01 am
tested the 05 version and none of the permissions are working, any page with a permission selected can be access publicly
Sep 14, 2007 3:34 pm
Like the last poster, the plugin doesn't seem to work at all. It is activated, and I can set permissions and they are retained with a page or post, but even if I am not logged at all, I can still see and view pages / posts that are marked restricted as read for subscriber, etc...
Sep 17, 2007 12:57 am
Read permissions problem now fixed
Sep 25, 2007 12:35 pm
First of all, very nice plugin, that's exactly what I was looking for. Setting permissions works fine, but it seems that an administrator is still restricted when the role is not enabled.
I'm using Wordpress 2.2.2.
Sep 26, 2007 2:19 am
But it lacks non-subscriber!
Sep 26, 2007 5:45 pm
hi, thank u your for great plugin...i wonder how can change the page redirection to login page when user click on my restricted page...or just to put message "This page required user login" instead of redirect page to my homepage...thank u...=)
Oct 5, 2007 3:24 pm
I dont understanad the redirect section, why would one need this when the restricted pages are not viewable by specified user, if they can see the menu then there's no need to worry about them attempting to access it, this plugins makes the page visible only to the user defined
Oct 8, 2007 2:54 am
Alias, the redirect section is needed so that you can determine what happens when someone does try to access a restricted page (for example, redirect them to a login page).
LostInNetwork, you can create any role you want using the Role Manager plugin (detailed above).
Ming, enter the login page URL in the 'redirect' field
Martin, what permissions did you create to restrict the administrator?
Oct 17, 2007 7:52 pm
Any thoughts on making this plugin like the group restriction plugin ? i recently got rid of role manager and found that with group restriction, there's no need to use the user permissions plugin, but i like your plugin better unfortunately it doesn't create user groups
would be nice to combine al the best features from userpermissions, disclose secret and group restriction since they all are very similiar
Oct 18, 2007 3:25 pm
Hi,
I have installed your plugin on WP 2.3 and it seems to be set up but I cannot get it to restrict editing of specific posts. I want to have one person assigned to edit one post and another assigned to edit another post. But they can both view / edit the others posts under manage.
I have admin checked as 'W' write. The two users are 'editors' and I have nothing checked there. Then I have their respective USERID entered into the 'User IDs (write):' box below.
When I login under their accounts I can still see the other accounts post for editing.
I can send you login / pw if you want to check it out.
Maybe I am not implementing it correctly?
Thanks for your help - this seems to be a very useful plugin.
Regards,
Chris C.
Oct 23, 2007 10:20 pm
Alias, a role is effectively a group and you should be able to implement most grouping just by creating your own roles.
Chris, send me the login and I'll have a look
Oct 30, 2007 2:09 am
Just what I needed. Back to Ming's earlier question, more granularly - if I wanted to have this (redirection to the registration page) as the default behaviour, what would I need to change in the code? Also, how would I set default access levels for posts in the code (say - all as 'read', and 'write' up from Editor-level)?
Much appreciated!
Nov 7, 2007 9:30 pm
Mikko, currently there is no way to set a default set of permissions, nor a default redirection. I'll add this on to the list of new features for the future.
Nov 9, 2007 1:46 pm
Hi
if you were struggling with the issue of implementing pages that you wanted to restrict viewing access to, primarilly for non-subscribers of any sort, this worked for me:
Publish the page
1) Download Role Manager : http://www.im-web-gefunden.de/wordpress-plugins/role-manager/
2) Install & Activate plugin
3) Under users set up a new role called Non Subscribers
4) Under their capabilities don't select anything but just alllow role to be built
5) Set up a new page or sub-page ( I wanted to restrict reading of a sub-page)
6) In the permissions box select the permissions checking R or W against all the various roles accept for Non-Subscriber
7) Insert post to link to if someone clicks on the page - make the post friendly
and voila, although the sub-page heading maybe visible, if someone clicks on it that doesn't meet your criteria they can't see it. The sub-page can be hidden as well using http://codex.wordpress.org/Template_Tags/wp_list_pages#Exclude_Pages_from_List
Now working on posts
Nov 9, 2007 3:56 pm
I've noticed a major bug. If the last entry has permissions applied you'll get a 404 until a user is logged. As soon as turn off all on the last entry, all's well.
Nov 12, 2007 4:40 pm
Using Role Manager with this is major over-kill, not to mention using that plugin can mess up default permissions, I would like to see the User-Permissions be merged with the Group Restriction which is outstanding only it doesnt protect posts, just static pages but does it quite well.
Personally I absoutely hate the wordpress user setup ;)) would be nice to see this plugin not rely on the built in groups but instead have the ability to create new groups similiar to the group restriction plugin. How frustrating it is to have two great plugins but both missing what the other has Doh!!
Dec 6, 2007 1:07 pm
Hi,
Is it possible to set all right to try by default / as défault value ?????
Thanks
(french user)
Dec 14, 2007 2:56 am
Bug found:
Flagged a post to be restricted to R/W by Admin and Editor and to be R only by Author. Guest, Subscriber and Contributer have no access. UserIDs (read and write) ar left blank.
If the "Recent Posts" widget is in a sidebar it will display the contect in the sidebar(s) until it get's to th "Recent Posts" widget then ends in an error rather then displaying the titles of the any of the recents posts and also does not display any content in your target frame 9until you navigate to a different page or category. Remove the "Recent Posts" widget from your Theme and everything works.
We are displaying a Static home Page for a welcome.
WordPress 2.3.1, mySQL 4.0.18-nt, PHP 4.4.2
Dec 19, 2007 12:32 am
Steve, I can't recreate that problem. Do you have any more details?
Dave, I also can't recreate this problem. I am using the default theme with the recent posts widget and everything is displayed as expected. It's possible your problem is caused by another plugin or something in your theme. You could try changing theme, or disabling other plugins.
Jan 4, 2008 3:16 pm
Great plugin... But now none of my pages can be seen by unregistered users.
How do you set the permissions of normal visitors? If I allow every role to read a certain post/page, no normal visitors can access it. I've tried everything with the role manager plugin, but there is no way to specify the role of a non-subscriber. No one can view any of my pages! =S
Thanks for any help,
Daniel.
Jan 5, 2008 1:36 am
Hi, This plugin is exactly what I need,
I have not tried to edit it in any way, but I can't get it to work.
When I am editing a post or page a new form does not appear to the right of the content at all.
I have role-Manager plugin installed and working.
Jan 5, 2008 6:16 am
Hi,
Thanks for your plugin! It seems to be exactly what I have been looking for.
There is one issue with the categories:
I have a lot of private posts in many categories. So nobody can´t see the links to these categories.
But I would like to see them myself as soon as I log in. But Even as admin I only see links to the three categories containing published posts. I assume this is because the posts are "private" and I would need to publish them in wordpress in order to make
wp_list_cats('sort_column=name&optioncount=1&hierarchical=0');display all the categories.
But doing so will open the posts to everyone.
Is there a way around this?
Many thanks,
Walid
Jan 10, 2008 2:23 am
Daniel, if you don't assign any read permissions to a post then non-subscribers can read it
Mike, what version of WP are you using? Do you have any other plugins installed that might be interfering with this one?
Walid, you may have some luck using this plugin to remove read capability from the posts, but otherwise set them to published. You'll then need to modify your theme so that only you can see the category.
Jan 25, 2008 4:43 pm
Hello John,
I hope you are well.
This plugin looks perfect these days. The interface looks great now.
[bug report moved here]
In the meantime, we'd love to nail that one down so that our clients can't break it.
Have a good weekend, Alec
Feb 4, 2008 10:51 pm
Support forum is not working.
Can you give me a timeline for compatibility with 2.3.2?
Thanks!
Feb 5, 2008 12:45 am
You said an admininstrator cannot be restricted.
I limited a post to Module02 read only. Now I can see it when I log in as Module02 user - but cannot see it as Admin and cannot edit it as Admin.
Any cure for "losing" a post?
Thanks - this looks to be working fine with 2.3.2 so far.
Jeanette
Mar 2, 2008 4:37 pm
Great plugin man! One problem, I want to restrict a parent page from being edited, but allow all the subpages. Right now, restricting a page also restricts it's subpages. Or am I missing something?
Mar 3, 2008 12:26 am
I was mistaken - it's not working at all. Activating it and setting both R/W permissions removes all pages from non-admin users no matter what. I'm running WP 2.3.3 with php5.
Mar 3, 2008 5:58 am
Same problem we are having Jeromy.
Apparently John is working on it. In the meantime, we are rolling our own, but it's based on some edit templates we are using already.
Mar 16, 2008 7:53 am
Thanks Giraffe for this plugin ! After spending hours to find one who fits for my registered users needs, yours is exactly the perfect one ! Lots of plugins don'nt work good with latest versions of WP or make trouble when accessing "registered" page. I hope you will follow this plugin and make new update with new features !
Nice Job.
Mar 16, 2008 12:26 pm
Write permissions on pages is now fixed.
Mar 16, 2008 9:27 pm
Hey man - thanks for continuing work on this! I'm still having problem - I set permissions and save them for a page, but the permissions don't stick - upon 'save and continue' the page refreshes and all of my checkmarks are gone - on top of that, just activating the plugin disables page editing on all pages for anyone not an admin.
Mar 17, 2008 7:26 am
I can't reproduce that Jeromy, so you'll need to provide some more details over on the issue tracker
Mar 25, 2008 3:42 pm
Using this plugin, I can nicely restrict posts to different roles/users, but comment feeds (RSS2/Atom) will show all comments to everyone. Is there any way to restrict this to comments that are part of posts one is allowed to read?
Mar 29, 2008 8:23 pm
Hi The Giraffe !
I cannot see anymore the restriction menu with WP2.5, is this a known issue or a bad configuration from my WP ?
Apr 5, 2008 10:48 am
I have the same problem with wordpress 2.5 but only for pages (can't see the permissions menu when I want to write a new page or edit an old one) - for posts I still have the permissions menu. Is there something to do? Thanks!
Apr 6, 2008 4:44 am
i have the same problem as emma! I can only use "user permission" when writing posts, the "user permission" is not an option when writing pages...
Apr 28, 2008 11:57 am
hi there!
i was hoping that with the WordPress 2.5.1 update the pülug in would work again, but it doesn't! I still have the problem that i can not set any user permissions when writing pages....
May 6, 2008 1:11 pm
Hi there,
that seems like exactly what I am looking for. Is it compatible with the latest wordpress 2.5.1?
cheers,
George
Jun 20, 2008 12:24 am
Any chance we get an update working with WP 2.5?
Jun 22, 2008 4:13 pm
WP 2.5 version released.
Onno, the plugin does only show posts to appropriate people when viewed through RSS
Jun 29, 2008 10:24 am
How do I get this plugin to only work for users to edit only assigned pages ? I want the pages to be able to displayed for the public.
Jun 29, 2008 3:46 pm
Just wanted to thank you for the latest update
Works great!
Jul 1, 2008 1:27 pm
K, use the plugin as described above - it is designed to restrict edit access.
Jul 24, 2008 2:06 am
Hello, great plugin!
but in WP 2.6 it have a problem:
Fatal error: Call to a member function on a non-object in .../wp-content/plugins/user-permissions/user-permissions.php on line 94
thanks
Jul 24, 2008 4:53 am
I have the same problem
Fatal error: Call to a member function on a non-object in .../wp-content/plugins/user-permissions/user-permissions.php on line 94
Jul 27, 2008 11:37 am
Try version 0.8.1
Jul 27, 2008 8:04 pm
Thanks, but I try 0.8.1 - WP 2.6:
Fatal error: Call to a member function on a non-object in .../wp-content/plugins/user-permissions/user-permissions.php on line 95
Jul 29, 2008 12:02 pm
hi there,
i had the problem yesturday that my homepage was white! I deactivated all the plug ins and 1 byx 1 reactivated them! it turns out that the problem was in the user permissions plugin! i then took a look here and found and installed 0.8.1 but I still have the problem! I'm using word press 2.6 if that helps any...
thx although for a great plug in!
Aug 8, 2008 10:54 am
I'm getting the same error... any fix yet?
Aug 8, 2008 11:27 am
Well, I only got the Fatal error: Call to a member function on a non-object when I was installing in a subdirectory. It works fine in root directory.
Pings & Trackbacks
blog.bit-4-you.de, download.lacaterinca.com, grafikhocam.com, themey.com, worldarchivetr.com, aktifblog.com, bilgiservisim.com, cvladan.com, midasoracle.org, turkmecmua.com, wordpresscn.com, yilmazeres.com
Categories
Latest Releases
Contact & Support
Please feel free to contact me via the contact page. I'll try to answer as soon as I can!
If you find anything contained on this web-site to be particularly useful then consider helping out via the support page.
Feeds
Those all-important RSS feeds: