Controlling access to user lists

The amr-user plugin offers wordpress capability control of access to users lists.  In wordpress roles have capabilities, and the capabilities determine what the users can do.  User lists can also be tagged as ‘public’ so  that a viewer with no role can see the list if used on the front end.

Summary of access control options:

  • public lists (ie lists ticked ‘public’ in the settings) can be viewed by anyone
  • non-public lists can only be viewed by people with ‘list_users’ capability
  • manage_options‘ or ‘manage_userlists‘ (custom capability) can create and edit user lists.

Tailoring access to the lists for roles:

If you want to isolate the ‘manage_userlists’ capability to a non-administrator and you don’t already have a plugin to do that for you, something like Justin Tadlock’s Members plugin is useful.

Roles, First Role, bbpress forum roles, s2member levels…

Do users on your websites have more than one wordpress role ?

users with multiple roles

users with multiple roles – requires the amr-users-plus addon

On a basic wordpress install, a user usually has only one role.  At the simplest, many sites only deal with administrators and subscribers.

The free amr users user listing plugin will extract the first role found in the wordpress usermeta capabilities value and present that as the ‘first role’.  This is great for most installs, some may need more reporting possibilities.

WordPress does actually allow for users to have multiple roles.  Add in the bbpress plugin and possibly a membership plugin which may create it’s own set of roles in parallel to the wordpress ones (ie not instead of), then you may find a single user may have many roles even if you actually need them to only have one.

single role fields

single role fields

Depending how/when a user was created in the system, (converted? created before or after the forum etc)  they may/may not have a wordpress default role, they may just have a bpress role for example.     Even more confusingly the ‘first role’ may no longer be useful.  For example, someone may have been created as a forum participant with  while someone else may be wordpress ‘editor’ and then a forum participant.  The ‘first roles’ may then differ, when one might think that they should both have participant.

In such a case, other role fields may be  useful too.    The free amr users plugin will automatically extract all the roles it finds and present each as a field where the user either has a that value (1 or true) or does not.    One can use these to exclude or include users from the user lists, or to interrogate the db looking for users with multiple roles etc.

If you need more than that, then you need the amr-users-plus plugin.  It adds

  • a ‘roles’ field which will list in the one field all the roles a user has.   It also adds filtering functionality where one can do realtime selection.  This will work for any roles stored in the usermeta capabilities record.
  • a first bbpress forum role, in case you just interested in forum access only