WordPress.org

Make WordPress Core

Opened 6 years ago

Last modified 9 months ago

#32085 new enhancement

Less ambiguous dashboard access. Suggested new capability: access_dashboard

Reported by: archonic Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1.2
Component: Role/Capability Keywords:
Focuses: Cc:

Description

Wordpress makes the assumption that the theme (or some plugin) may not provide a place for users to edit their profile, and lets any registered user access the dashboard to do so. It's a decent assumption to make. While it creates a jarring "did I just leave the site?" experience, you can't assume the theme or some plugin will accommodate updating profiles.

There are a host of other plugins that rely and build upon this assumption. Vendor Products (a paid Woocommerce extension) assumes users of any role have access to the dashboard, to let users identified as vendor admins (by its own means) manage products. There's an LMS which makes the same assumption to let teachers manage quizzes and such. I'm sure many other plugins make that same assumption.

I recently discovered that WooCommerce relies upon the edit_posts capability to determine if a user should be able to access the dashboard vs getting redirected to "my account". This keeps customers on the front-end, which is valuable, but breaks a host of other plugins which assume any registered user can access the dashboard.

Overuse of the edit_posts capability to determine some level of admin access is a different discussion (worth having!), but it seems obvious to me that a new capability should be introduced to specifically target accessing the dashboard. This is certainly a Woocommerce issue, but I feel an access_dashboard capability would remove the ambiguity around... well, accessing the dashboard.

This would also let WP admins have refined control over letting their users access the dashboard vs staying on the front-end. Buddypress for example provides a front-end profile editing template. Under Buddypress settings, there could be a checkbox for allowing users to access the dashboard. Unchecking it would keep subscribers on the front-end. WooCommerce also provides front-end account management and could have the same approach. Users without these plugins could also just use a plugin like User Role Editor to remove the access_dashboard capability from subscribers to keep users on their front-end, or achieve the same result with 4 lines in their functions.php.

Change History (2)

#1 @DrewAPicture
6 years ago

  • Component changed from General to Administration
  • Focuses administration removed

#2 @valentinbora
9 months ago

  • Component changed from Administration to Role/Capability
Note: See TracTickets for help on using tickets.