Controlling access to user lists

Define whether lists may be shown in public to non logged in users and whether they may be shown in the admin menu to users who do not have manage users capability.

Summary of access control options:

  • List overview settings:
    • ‘public’ lists (ie lists ticked ‘public’ in the settings) can be viewed by anyone
    • non-public lists can only be viewed by people with ‘list_users’ capability
    • ‘show in menu’ (v 4.48 upwards with matching amr-users-plus) will cause  that list to be shown separately in the admin menu under users for users with ‘manage_options’ and ‘list_users’ capabilities
    • if some lists are not shown in the menu, an ‘all lists’ submenu will show for users who have ‘manage_options’ capability
  • Users with ‘manage_options‘ or ‘manage_user_lists’ can create and edit user lists.

Define public lists for front end

User list overview settings
Who can see list with setting:PublicNot Public
Non logged in User
Subscriber
user with ‘list_users’ capability
user with ‘manage_options’
User List public setting

Define which lists appear in the admin menu

  • As per the screen shot above, use overview settings available when amr-users-plus is active to remove or select which lists appear in the admin side menu.
  • An all lists menu option is shown to users with ‘manage_options’ or ‘manage_user_lists’ capability.
Organise, sort with drag & drop, rename and renumber list
A menu option will list all lists

Define which roles see which lists in admin menu:

Who can see list in menu with setting:Show in menuDo not show in menu
Non logged in User
Subscriber
user with ‘list_users’ capability
user with ‘manage_options’
User List ‘show in menu’ setting (admin menu) available with amr-users-plus v3.2 upwards. If addon not acrtive, all lists will show in menu by default.

Registered Days Ago and Registration Date

There are two fields that show details of date of registration.  When the plugin started I wanted to see a human based ‘days ago’ view as I found that much more helpful to assess how long a user had been a member.

Thus that is the real wordpress registration date fields default formatting.  If one hovers over the field full details of the actual date will show.

It is also possible for you to write your own formatting function to format the date any way you would like.   For those people who are unable to write their own functions from the example and just want to display the registration date, there is a ‘pseudo’ field created which is called ‘Registration Date’ – it is not a real field though and does not sort well.

 

Days ago for registration date

Days ago for registration date

Registered days ago

  • real registration date field formatted using wordpress’s human time difference date time function
  • has hover text so you can see the actual date
  • will sort by date
  • will display the date in the csv extract

Registration date

  • pseudo field created on the fly in display only
  • doesn’t sort.  Sort by the ‘days ago’ field and then remove the display order to hide the field
  • doesn’t show in csv

Registration and days ago in excel

Registration and days ago in excel

Future

In the future there may be the possibility for one to choose from a range of formats. For  example I can imagine a number of possibilities:

  • a range of date formatting options using php date format options
  • human time diff, days ago
  • birthday (no years)

Roles, First Role, bbpress forum roles, s2member levels…

[2019 Note: Please watch out for major update.  First_role will be replaced by Capabilities/Roles.  There will no longer be a separate first_role field ]

Do users on your websites have more than one wordpress role ?

users with multiple roles

users with multiple roles – requires the amr-users-plus addon

On a basic wordpress install, a user usually has only one role.  At the simplest, many sites only deal with administrators and subscribers.

The free amr users user listing plugin will extract the first role found in the wordpress usermeta capabilities value and present that as the ‘first role’.  This is great for most installs, some may need more reporting possibilities.

WordPress does actually allow for users to have multiple roles.  Add in the bbpress plugin and possibly a membership plugin which may create it’s own set of roles in parallel to the wordpress ones (ie not instead of), then you may find a single user may have many roles even if you actually need them to only have one.

single role fields

single role fields

Depending how/when a user was created in the system, (converted? created before or after the forum etc)  they may/may not have a wordpress default role, they may just have a bpress role for example.     Even more confusingly the ‘first role’ may no longer be useful.  For example, someone may have been created as a forum participant with  while someone else may be wordpress ‘editor’ and then a forum participant.  The ‘first roles’ may then differ, when one might think that they should both have participant.

In such a case, other role fields may be  useful too.    The free amr users plugin will automatically extract all the roles it finds and present each as a field where the user either has a that value (1 or true) or does not.    One can use these to exclude or include users from the user lists, or to interrogate the db looking for users with multiple roles etc.

If you need more than that, then you need the amr-users-plus plugin.  It adds

  • a ‘roles’ field which will list in the one field all the roles a user has.   It also adds filtering functionality where one can do realtime selection.  This will work for any roles stored in the usermeta capabilities record.
  • a first bbpress forum role, in case you just interested in forum access only

Exclude meta keys, and delete them too

The latest update (3.9) adds a admin screen that allows you to

  • see and change which meta keys are excluded by default from the plugin and
  • exclude more meta keys
  • delete user meta records for selected metakeys (cleanup)
  • see totals of meta records for meta keys

This became essential for anyone using S2member, and handy for anyone using Advanced custom fields which seems to create additional hidden metakeys for every custom field.  Thisplugin will attempt to help you out by default excluding as many unnecessary fields as possible.  You can then update.

The S2member access cap times field is keyed by time, which means that as time goes by there will be more and more sub fields detected by amr-users and the fields and nicenames page will become impossible.

s2member access cap times

s2member access cap times field

This is clearly unworkable.  So a admin page to exclude meta keys was added. This page will also allow you to delete meta records. Be Careful!  This is a confirmation step, but no undo.

excluded meta keys

excluded meta keys

The “find fields and nice names” page has been updated to help highlight what’s going on.

new nice names

updated nice \names