I am trying to evaluate the possibility of creating a plugin for Parent/Child functionality in Wordpress user creation.
What we need to achieve is to allow a Parent to create a sub-user account for his children. This accounts will have limited access but that can be done later with other Wordpress plugins.
What does not exist right now or what I was unable to find, is a plugin which gives the possibility to an existent standard user, to create sub-accounts related to him.
I do not want anything particular except the association between the accounts. The main user should have the possibility of adding or removing his child accounts.
Do you think this is something that is ok to do? Does it open us to any hacking possibility or vulnerability or create problems in the future?
If not, what would be in your opinion the best way to proceed and do this? What would be the best, fastest and most secure flow of operations?
Looking forward to your opinions.
Thanks in advance.
Regards
I know this is an old post but here's an option for anyone searching for this in the future.
First, you need to register a new user role. When you register the role, you are free to assign any capability you want. In this case, give the new role the capability to add users.
Then you can create a one-to-many relationship between the new user role and the standard subscriber role. So the new user role can have many subscribers but a subscriber can only belong to one new user role.
This will do what you want. There are several plugins that can do this if you are not comfortable with coding which seems the case per the OP's question. You can try PODS which is free and available in the Wordpress Plugin Directory - https://wordpress.org/plugins/pods/.
Related
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
I need a little bit help with user management.
I have an education site (not ready yet), i need two registration:
First for students, they can register to courses with name, email, phone number etc.
Second for teachers, who can register with name, email, year of birth etc., but teachers can register for courses too.
But when a teacher wants to register for courses too, i want that she/he can use same email address, name etc. too. And i want it, after a teacher register both place, on the wp-admin/users i see just one registration.
There is any plugin which is easy to do it?
Thanks for your help!
The answer is 'no' there is no easy plugin for this. I'm DV the question though.
I'm going to go out on a limb here and suggest that you not use Wordpress for this website and you consider building everything yourself. You are already hitting the constraints of Wordpress in that it is difficult to assign multiple roles and manage them consistently. I'm going to take another guess and say that even if you launch using Wordpress, you'll quickly outgrow it and need to rewrite your entire application.
If you build the application yourself, you can design the user database however you want and allow users to have one or more roles (i.e. student and/or teacher). Then your application can use the roles a user has to determine what to display to them.
If you want to reduce your overall dev time, piece together third-party APIs and tools. If you are using Node.js, check out Keystone.js (http://keystonejs.com), Hatch (http://hatchjs.com), and other CMS tools. You can also look for a user database like Passport (https://www.inversoft.com/products/user-database-sso) that give you a bunch of user management features. There are tons of free or open-source tools out there that can help you build this application quickly.
I am new to Drupal.
I am working on a website where many different type of users are there. The requirement is to allow only bloggers to delete comments related to their blogs.
Yes i know that it can be done from admin. But the client is telling, they don't want to do it from admin rather that need to be achieved through code itself.
Please guide me from where (module, features etc) i need to write the code so that it will affect the permissions. And how that code should be written.
Any type of help will be highly appreciated.
Thanks
In Drupal you can create Roles for the users.
You can specify what users will have the "blogger" role. And then, you can add permissions only for this role. In your case, you want to set the permission of delete comment.
I think you may find this link useful: https://drupal.org/node/120614
Regards.
Maybe this link could help to create and set permissions programmatically. http://www.dibe.gr/blog/drupal-7-create-users-and-roles-programmatically
Otherwise, there is always Drupal official documentation: https://drupal.org/documentation/modules/user
I've been assigned to add some features to an existing newspaper. This newspaper is based on Wordpress. They want to add a subscription feature for subscribed users to receive email with the latest news and some other stuff.
They also want a coupon system, which I'm planning to implement using CouponPress (http://www.couponpress.com/) which is a separate Wordpress installation for coupons.
They want to keep the subscribers functionality completely separated from the main blog to avoid opening security holes for attackers to gain admin or editor roles and mess with the newspaper.
What do you recommend for this?
If I keep the subscription feature attached to the second blog, is there a plugin or something to automatically email the subscriptors of the second blog with latest entries, a daily or weekly? I want the second blog to look as part of the first one for users. Maybe replicating the user list somehow in the main blog, but avoiding sign in on it.
What do you think?
Thanks for your help
just throwing an idea for the subscription feature, if you do go the path of subscription to the other blog you can write some quick and dirty function to query the new or even an sql trigger to copy new user recordds to the other db (I don't know if mysql allows for inter db copy triggers)
but - I don't really know what'll you'll achieve that way. if the data isn't secure and sanitized someone could try to run an sql injection. and then copying the record to the other db would contaminate it either.
better use on of wordpress good security plugins, harden server access etc
I am building a DMS for our intranet and use a taxonomy hierarchy because we need access control that way. All company locations manage (upload,edit) their own documents but should be able to access all. This is inherited to the child terms and works fine.
Additionally we want simple 3-step workflow (draft,published,archived). So i introduced roles for editor, publisher and docadmin and set permissions for the transitions. Also triggers to effectivly (un)publish documents.
But (of course) a user of role publisher can do the transition for ALL documents. But we want publisher for each company location (top taxonomy level, see above).
Could this be achieved? Do i have to set it up by myself (i guess "rules" is appropriate to do this) or is there another module helping.
role inheritance was a guess, but that is only about roles (naturally).
"module grants" i use and checked first option. That way my thoughts are going. I hope you get my idea resp. problem.
drupal 6.16 current
edit:
I reread the docs and found ie. http://drupal.org/node/408018 Revisioning for categorized content. Will reread that.
It seems you're running into a know issue in Drupal 6's node access api. Grants only work as an approval, so if any access module says a user can perform an action no other module can take it away. The only other solution I can think of would be a mash of the modules to calculate based on both criteria, obviously a potentially complex task.
Certainly not recommended, but you could apply your own logic to scan the grants tables to remove entries for users that don't match up with both criteria. You would have to find the right hook to have it perform its work after both other modules have calculated their values and saved them to the database.
Good news: this is fixed in D7. Bad news: D7 will be a while.
Drupal 7 will allow modules to approve, deny, or abstain from node access decisions. As such, your taxonomy module could say the users are approved for these terms, denied for others. As well, workflow could approve for some stages and deny for others. A user would require at least one approval and no denials.