User Management
User Management
Administrators have access to manage users on the IHPME site, including manually adding people and pre-approving them for specific roles, as well as modifying roles/capabilities of existing users.
UTORid Accounts
Any account on the site with an @utoronto.ca or @mail.utoronto.ca email address can be accessed via UTORid. Attempting to log into one of these accounts via the wordpress login form automatically redirects to UTORAuth portal.
Currently, if someone logs in via UTORid and their email address does not match an existing account, a new subscriber-level account will be created for them automatically (note: subscriber users only have access to read private pages).
Non-admin users are barred from editing their user account profile, to avoid confusion with any public profiles they are assinged to, as well as avoid making changes that are rendered moot by UTORid, such as changing their password.
Access Control UTORids
All profiles, initiatives, and courses support a whitelist of UTORid email addresses and usernames, allowing any user with the matching UTORid access to edit that entry, and auto-assigned the corresponding Editor role (access to edit/delete posts they're assigned to only). This extends to courses and initiatives that list profiles a user has access to.
For example: Geoffrey Anderson's UTORid is listed on his Faculty Profile, which is in turn listed as an instructor on the course HAD2002H. This means he has access to edit both and will be auto-assigned the Faculty Profile and Course Editor roles to do so.
User Management
For information on general user management, consult the official WordPress documention.
Creating Users
To create a new user, select Add New from the Users menu or Users listing screen.
For simplicity, the username can be the same as the email address. Note that when creating a user for an @utoronto.ca or @mail.utoronto.ca email address, the account will be treated as UTORid-only and the password you set upon creation will never be utilized.
User Roles
The role field on the user create/edito form allows you to specify what sections of the backend the user will have access to and to what degree.
The available roles are as follows:
Core WordPress Roles
- Administrator: Able to manage all content on the site, alongside users, plugins, and settings
- Editors: Able to manage all content on the site
- Authors: Limited to publishing posts and events, only able to edit those they are the assigned author of.
- Contributor: Able to create draft posts and events, only able to edit those they are the assigned author of.
- Subscriber: Able to read private pages.
Current Custom IHPME Roles
- Award Manager: Able to manage all Awards.
- Course Manager: Able to manage all Courses.
- Date Manager: Able to manage all Important Dates.
- Dissertation Manager: Able to manage all Dissertations.
- Event Manager: Able to manage all Events.
- Initiative Manager: Able to manage all Initiatives.
- Job Manager: Able to manage all Job Postings, also currently granted Edit Page permissions to the Jobs page.
- News Manager: Able to manage all posts.
- Staff Manager: Able to manage all Staff Profiles.
- Student Manager: Able to manage all Student Profiles.
- Timetable Manager: Able to manage all classes in the Timetable.
- Alum Profile: Able to edit any Alumni Story they are the assigned author of.
- Faculty/Senior Fellow/Postdoc/Student Profile: Able to edit any corresponding profile they are assigned to (via author field or UTORid Accesss Control).
- Course Editor: Able to edit any course they are assigned to (via author field, UTORid Accesss Control, or connected Faculty/Fellow/Postdoc Profile).
- Dissertation Editor: Able to edit any dissertation they are assigned to (via author field, or connected Faculty/Fellow/Postdoc Profile).
- Initiative Editor: Able to edit any initiative they are assigned to (via author field, UTORid Accesss Control, or connected Faculty/Fellow/Postdoc Profile).
- Appointment Manager: Able to manage Facult, Fellow, and Postdoc profiles, also currently granted Edit Page permissions to the Academic Appointments section of the site.
- Human Resources: Able to manage all profiles.
- Form Editor: Access to create and manage Gravity Forms.
Creating Custom Roles
The site uses the PublishPress Capabilities plugin to create and modify user roles. To create a new role, select Add New from the Capabilities > Roles screen.
Once the role is created, you can then click the link in the box on the right hand side to open the capabilities editor.
Check off which capabilities from the various lists you want users in this role to have. Click Save Changes to apply the updates.
For more information on creating and modifying roles, consult the official PublishPress Capabilities documentation.
Permission Groups
The site also uses the PublishPress Permissions plugin to allow fine-grain access to select users, namely to allow users that don't normally have the Editor or Admin role to edit specific pages.
When creating or editing a user, you can check off which Permission Groups they belong to.
Current Custom IHPME Groups
- Program Manager: granted Edit Page access to the various Program pages along with any sub-pages.
The two Notifications groups are utilized by the PublishPress Revisions plugin to dictate who gets notified when revisions are submitted/published.
Creating Custom Groups
To create a new group, click the Add New button on the Permissions > Permission Groups screen.
Once created, the groups members and permissions can be managed on the Edit screen.
In most cases, you'll be assigning users as-needed to an existing group, rather than adding existing users to a new group. You'll also most likely be using permission groups to grant access to specific pages, rather than general lists of other content types.
For details on creating and managing groups, consult the official PublishPress Permissions documentation.
Granting Page-Specific Permissions
The Permissions plugin adds everal panels to the bottom of the Page editor for granting specific permissions to select roles, groups, or users.
The main one of use is the Edit This Page panel, which allows you to explicitly enable or disable editing capability of this page (and/or it's sub-pages). To grant edit permissions to a group, click on the Groups tab, and you can search for the group, or click Create Group to open the group creator form in a new window (once saved, the group should show up after a search for the name). Select the group, and you can then enable the permission for that group.
You can similarly do this for individual users, however, it is advised you use groups for this instead, as it's generally easier to maintain.
Once you've configured your desired permissions for the page, click Update to apply the changes.