I’m trying to set up a WordPress site using Active Directory authentication.
One question that has come up is the ability to limit category/post/blog reading to specific AD groups.
I’ve never seen this done and I haven’t been able to find any plugins that seem to promise this functionality. It would seem that the best option is to just give a bunch of users a role with the read_private_posts capability, but I’m not sure this will do the trick.
2 Answers
I think this should definitely be doable. I think I would first try to get one of the LDAP authentication plugins — like Simple LDAP Login or LDAP Login Password and Role Manager — working, and then write a small custom plugin to handle the content authorization.
Here’s a rough outline of the custom plugin’s main logic:
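    function checkContentAuthorization( $content )
    {
        // Placeholder: the logged-in user's LDAP details, to be populated from the LDAP plugin in use.
        global $currentLDAPUser;

        // Map each LDAP group to the category and post IDs it may read.
        $authorization = array(
            'ldap group 1' => array(
                'authorizedCategories' => array( 1, 14, 83 ),
                'authorizedPosts'      => array( 53, 48, 23, 432 )
            ),
            'ldap group 2' => array(
                'authorizedCategories' => array( 54, 9, 34 ),
                'authorizedPosts'      => array( 48, 13, 29, 93 )
            ),
        );

        // A group with no entry gets empty lists, so its members are denied.
        $groupName = isset( $currentLDAPUser->groupName ) ? $currentLDAPUser->groupName : '';
        $allowed   = isset( $authorization[ $groupName ] )
            ? $authorization[ $groupName ]
            : array( 'authorizedCategories' => array(), 'authorizedPosts' => array() );

        if( is_category() )
        {
            // ID of the category archive being viewed.
            $currentCategoryID = get_queried_object_id();
            if( !in_array( $currentCategoryID, $allowed[ 'authorizedCategories' ] ) )
                $content = "Access denied";
        }
        elseif( is_single() )
        {
            // ID of the single post being viewed.
            $currentPostID = get_queried_object_id();
            if( !in_array( $currentPostID, $allowed[ 'authorizedPosts' ] ) )
                $content = "Access denied";
        }

        return $content;
    }
    add_filter( 'the_content', 'checkContentAuthorization' );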
Obviously that’s a stripped-down version and there are a lot of details to fill in, but actually writing the plugin itself would take at least half a day. That should get you pointed in the right direction, though.
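
The outline above assumes one group name per user, while an Active Directory account usually belongs to several groups. The following is an added example, not part of the answer and not code from any LDAP plugin: it assumes the plugin can hand you the user's `memberOf` values (group DNs), and the function names `groupNameFromDn` and `isAuthorized` are hypothetical. It extracts each group's CN and denies access unless one of the groups lists the requested ID.

```php
<?php
// Added example; the DNs and rule table below are constructed sample data.

// Return the lower-cased CN of the first RDN of a group DN, or null if the DN
// does not start with CN=. Handles RFC 4514 escapes ("\," and hex pairs "\2C").
function groupNameFromDn(string $dn): ?string
{
    $rdn = '';
    for ($i = 0, $n = strlen($dn); $i < $n; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $n) {
            $hex = substr($dn, $i + 1, 2);
            if (strlen($hex) === 2 && ctype_xdigit($hex)) {
                $rdn .= chr(hexdec($hex));   // hex-escaped byte
                $i += 2;
            } else {
                $rdn .= $dn[++$i];           // escaped special character
            }
            continue;
        }
        if ($dn[$i] === ',') {
            break;                           // unescaped comma ends the first RDN
        }
        $rdn .= $dn[$i];
    }
    // AD compares names case-insensitively; strtolower folds ASCII letters only.
    return stripos($rdn, 'CN=') === 0 ? strtolower(trim(substr($rdn, 3))) : null;
}

// True if any of the user's groups lists $id under $type; otherwise deny.
function isAuthorized(array $memberOf, array $rules, string $type, int $id): bool
{
    foreach ($memberOf as $dn) {
        $group = groupNameFromDn($dn);
        if ($group !== null && in_array($id, $rules[$group][$type] ?? array(), true)) {
            return true;
        }
    }
    return false;
}

$rules = array(   // keys are lower-cased group CNs
    'finance'     => array('authorizedCategories' => array(1, 14, 83), 'authorizedPosts' => array(53, 48)),
    'sales, emea' => array('authorizedCategories' => array(54, 9),     'authorizedPosts' => array(13, 29)),
);
$memberOf = array(
    'CN=Finance,OU=Groups,DC=example,DC=com',
    'CN=Sales\, EMEA,OU=Groups,DC=example,DC=com',
);
var_dump(isAuthorized($memberOf, $rules, 'authorizedPosts', 29));      // via the second group
var_dump(isAuthorized($memberOf, $rules, 'authorizedCategories', 2));  // listed for no group
```

Matching on the CN alone treats same-named groups in different OUs as one group; key the rule table on full DNs if the directory contains such duplicates.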