Is there a way (plugin?) to restrict a user to being able to edit just one page?

1 Views

We use wordpress like a CMS and would very much like to allow users to have a “homepage”. Ideally they’d be prevented from mucking up the whole site.

Is there a simple way to limit users editing rights to a single page?

Read More

I’m currently using the Members plugin to do other permission-based stuff, so it’d be great if a solution could either neatly augment this, or replace it entirely.

Bonus points for automatic creation of a homepage when a new user is created.

UPDATES: I should clarify that these pages need to be confined to a specific area of the site (i.e. all children of the same page). Also, after speaking to some users it seems that they’d find it useful to create sub-pages branching from their home page.

Post Views: 1

Related posts

Leave a Reply

8 comments

  1. A base WordPress installation probably won’t do what you want it to. You could set up a multi-site instance and allow users to have their own ‘sub’ site, or use something like BuddyPress or Mingle that has a user profile feature.

  2. Sorry to do this, but I stumbled across the answer in the wordpress forums.

    It turns out that Role Scoper does this really well. The author of that forum post said it best:

    To enable a user to edit one particular page, but not anything else:

    1. Give them a WordPress role of Subscriber
    2. Manage > Pages > Edit their page
    3. Expand the “Editors” tab under “Advanced Options”
    4. Check the non-braced checkbox to the left of your user’s name (if child pages will be created, also check the braced checkbox {[]}, which assigns the role for all current or future child pages)
    5. Save the Page

  4. The User Access Manager Plugin will do this for you, all the other approaches are much too complicated. UAM is just easy, setup groups and assign the group to your sub-pages, ready.

  6. The sollution implys that you have disabled the editing of “normal” post types (post, page).

    It’s not as hard as you might believe. The key is the user login name. The same could be done with taxonomies or even terms.

    See the following (there’s an example for a query too):

    // 1st: Add a post type for that user with it's 
//   user login & according capabilities 
function create_user_home() {
    global $current_user;
    get_currentuserinfo();

    register_post_type(
        'home_of_'.$current_user->user_login,
        array(
            'public' => true,
            'capability_type' => $current_user->user_login,
            'capabilities' => array(
                'publish_posts' => 'publish_'.$current_user->user_login,
                'edit_posts' => 'edit_'.$current_user->user_login,
                'edit_others_posts' => 'edit_'.$current_user->user_login,
                'delete_posts' => 'delete_'.$current_user->user_login,
                'delete_others_posts' => 'delete_others_'.$current_user->user_login,
                'read_private_posts' => 'read_private_'.$current_user->user_login,
                'edit_post' => 'edit_'.$current_user->user_login,
                'delete_post' => 'delete_'.$current_user->user_login,
                'read_post' => 'read_'.$current_user->user_login,
            ),
        )
    );
}
add_action( 'init', 'create_user_home' );

// A query could be done like this:
wp_reset_query(); // to be sure

global $wp_query, $current_user;
get_currentuserinfo();

$query_user_home = new WP_Query( array(
    ,'order'        => 'ASC'
    ,'post_type'    => 'home_of_'.$current_user->user_login
    ,'post_status'  => 'publish'
) );

if ( $query_user_home->have_posts() ) :
    while ( $query_user_home->have_posts() ) : $query_user_home->the_post();
        // check for password
        if ( post_password_required() ) :
            the_content();
        elseif ( !current_user_can('') ) :
            // display some decent message here
            return;
        else :

            // here goes your content

        endif;
    endwhile;

else : // else; no posts
    printf(__( 'Nothing from Mr./Mrs. %1$s so far.', TEXTDOMAIN ), $current_user->user_firstname.' '.$current_user->user_lastname);
endif; // endif; have_posts();

wp_rewind_posts(); // for a sec. query

    With taxonomies this would even make more sense, because you could query only the posts that are tagged with terms from this users taxonomies, but that would need a post meta box with the users taxonomy terms. The condition would be the same: user login name and you’d just add the taxonomy:

    function create_user_tax() {
    if ( current_user_can("$current_user->user_login") ) :
        global $current_user;
        get_currentuserinfo();

        $singular = $current_user->user_login;
        $plural = $singular.''s';

        // labels
        $labels = array (
                 'name'         => $plural
                ,'singular_name'=> $singular
            );

        // args
        $args = array (
             'public'               => true
            ,'show_in_nav_menus'    => true
            ,'show_ui'              => true
            ,'query_var'            => true
            ,'labels'               => $labels
            ,'capabilities' => array(
                'manage_'.$current_user->user_login
            )
        );

        // Register
        register_taxonomy ( 
             $current_user->user_login
            ,array ( 'post', 'page' )
            ,$args
        ); 
        // Add to post type
        // you can even add your current user post type here
        register_taxonomy_for_object_type (
             $current_user->user_login
             ,array ( 'post', 'page', 'home_of_'.$current_user->user_login ) 
        );
    endif;
}
add_action( 'init', 'create_user_tax' );

    The placement of capability check (current_user_can) could be somewhere other too. Depends all on your specific needs.
    Just to make this sure: These are examples to guide you on your way to a sollution. Hope that helps 🙂

  7. I’ve done something similar with “members”, a custom post type, and a manual assignment of author rights to a specific member, since it’s a small group website, but I do remember reading in some buddy press support thread that it is possible to hook into the signup process, so I suppose it would be possible to automatically create a page/custom post type per user on signup and assign that specific page to the newly created member as homepage. I also added Scribu’s front-end editor and blocked the backend to the members who aren’t admins. You can probably also add a redirect on signup so new members are redirected to their page (which, I suppose, could have some default content).

    I’ll see if I can find that buddypress support thread.

    Addendum – there is a bug in the author selector on the edit post field. It currently doesn’t use the standard permission system, which may make the members solution more difficult (although it will probably work if the author is assigned on page-creation). There is a patch in trac, but I don’t think it’s been applied to the core yet.