I’m from a Moodle background, which would have to be the ultimate tool for selective user access. Inherent to a Learning Management System (LMS), as compared with a Content Management System (CMS), in the LMS roles are context-based. Simply put, a user can have very low access in one or more areas of the site, and very high access in others – (e.g. a person can be a teacher in one course and a student in another). I have, in some circumstances used Moodle precisely for this purpose rather than for its pedagogical functions.
These functions are called UAL – User Access Levels, or they may also be referred to as Role-based permissions.
In WordPress, user access is generally split between three levels – public, logged in, and adminsitrative. As of Joomla 1.6 this CMS has also been given more control in user access levels.
More specifically the WordPress UAL Table would be:
- and public of course
The trick is that this applies site-wide (excepting for the additional functionality of private pages).
Here are articles on WordPress UAL plugin strategies extending this:
- http://johnnasta.com/blog/2009/wordpress/wordpress-cms-user-access-levels/ by John Nasta
- http://wordpress.org/extend/plugins/members/ by greenshady (Justin Tadlock)
I’m exploring this as well, but I have Moodle as a backup – in which case I’d use Moodle 1.9 most likely rather than 2.x – (why?).
I’m settling on Justing Tadlock’s plugin, manly because I get some confidence from his documentation and how other people have responded.
Here’s his blog post explaining how users, roles and capabilities work in WordPress. The fact that he explained this prior to releasing his “members’ plugin speaks volumes, I think, about his desire to do things right.
In particular he explains the non-heirarchical nature of roles in WordPress as opposed to Joomla (I believe) but similar to Moodle (although Moodle adds the concept of context-based capabilities).
Here’s his Members WP Plugin readme.html for the plugin.
Risks and Mitigation
I do believe though, that the risks associated with something going wrong on your site multiply with the complexity of added plugins. So if you’re managing a large e-commerce site with added ShadowBox, ShortCodes etc, etc,, for example, you might want to think twice about adding a plugin that mucks about with roles and permissions. Rather, if you want to add a members section, it might be safer to add a separate installation of WordPress to your site for this purpose. Yes, it adds inconvenience but that might be worth the mitigated risk. I’m going to try it this way first for a client’s site.