Post Access Control (Starred Passwords)

Thu, 20th July 2006

A plugin for WordPress 2 to provide fine-grained and broad-brush access control over your posts, using the existing password-protection system, custom post meta-data and options.

Download this (beta) plugin at WPPlugins.org.

Read on if you want to know how it came about and how to make use of it.


Paper notes, first drafted May 3rd, 2006

WordPress Passwords

The WordPress post password field is 20 characters. If a password is set against a post and a reader does not have the correct password cookie, the post content is replaced by a password entry form. This occurs wherever the post is retrieved, including the homepage. Additionally, the post title is prepended with Protected: in lists.

1. Modify the WordPress loop query so that password-protected posts are eliminated by default except to logged-in users.

Starred passwords

Specify a password in such a way that recognised people do not need it, so never even know the protection exists.

Notation; ‘*’, a short password (3-5 letters), ‘*’, up to 15 letters of access control specification
Examples;

*abc*
Make this post accessible to the anyone with the password abc (overriding the default of hiding all protected posts)
*xyz*guests
Post may be viewed by all guests and higher without entering password
*123*admins
Post may be viewed by admins without the password,
*mno*3,4,5,11,23
Only the specified user IDs can view the post without a password
*216*-42
Only the specified guest ID can view the post without a password
*def*@option-name
Get access control from WordPress option option-name
*999*@post-meta-name
Get access control from the post meta data under key post-meta-name

2. Modify loop query to include posts with starred passwords then filter according to access control specifications.

The rationale for the stars is twofold; they provide an easy pattern for recognition (human and computer) and, if the access control plugin is disabled, the posts are still protected although visible again.

This can also selectively unprivatise posts, making them visible and accessible to selected people.

3. Provide user interface

This can turn certain posts into diary rooms, one-to-one commentary between the post author and another.

One Response

  1. Libertus said: August 8th, 2006 at 12:44

    You can also use

    *…*users
    Any signed-in user.
    *…*contrib
    Signed-in users of level 1 and above only
    *…*author
    Signed-in users of level 2 and above only
    *…*editor
    Signed-in users of level 7 and above only
    Reply

Leave a Reply

You may also log in to post a comment.

XHTML:

If you want to <q>tag</q>, please balance these; a, i, em, b, strong, u, blockquote, q, ul, li, ol, abbr, code, pre, sub and sup.