Laying out the road for a content restriction plugin.
The commission
I’ve been tasked to implement a content restriction system that should allow for each post type (posts, pages and custom post types) to be visible by none, some or all the users.
The plugin market satisfies the need already (see Pippins Plugins Restrict Content Pro for example) so, was I in a rush to have it done, that’s the road I would walk; luckily I’m given a loose deadline and a free hand to tinker and experiment and am willing to do so.
Requirements
The plugin should allow for any post of any type to be optionally visible and accessible (archives and single templates alike) to some users only having a situation where a supporteruser might see and access only some post, pages and announcements. There’s a possibility for content to be visible and accessible on a geographical base having, as an example, some Chinese language posts not made accessible to Italy based users.
The access restriction would default to “anyone can see anything” and become more strict as content editors see fit allowing for rules of this level of complexity to be put into place:
Only show this page to users with the supporter role, having more than 18 years and visiting from China.
Users groups are not in the commission but I see no point in leaving the possibility behind allowing for rules like this one to be applied to a post:
Only show this event to users from the “HackerZ” group
I still have not chosen a user group framework to target but am considering the possibility.
High level
I’d like to implement the plugin using TDD techniques and with a possibility for future expansion open and have thought about a modular structure leveraging post taxonomy terms to have an easy and flexible system in place that will lend itself to both single template and archive (or loop) queries as well.
In high level terms a user will have a set of terms it can access and each post a set of logical AND joined taxonomy terms that are required for the user to access it, to use the first example from the previous paragraph:
Pages will be restricted using the “use role”, “age” and “region” taxonomies
And a user will provide none or more terms for each restriction taxonomy to discern if she can access a post or not
Luca has the “supporter " “user role” taxonomy term, the “over-18” “age” taxonomy term and the “Italy” “region” taxonomy term. As such he will be able to access a post that’s accessible to “any” user role, “over-18” age and “Europe” region users.
Each taxonomy restricting a post will have a list of terms that can be fetched for a user be it from user meta values, a user role or any other interpolation and that will decide if a user is able to see a post or not.
For each post an optional description and title should be available to show something, like a preview, to a user when access to a post is forbidden.
Administrators of the site should be able to decide which restriction criteria will be available to restrict posts and, for each restriction taxonomy that will be applied to a post, what the default value(s) will be; hierarchical taxonomies will be supported.
Differently from standard taxonomies restriction taxonomies terms will not be available for any user to edit being those programmatically added and set.
Next
I will lay down a draft code and push to GitHub with some tests in place.