Just some advice really. I am wanting to set up different schools (who may have more that one user) to access their own private areas where each school will have a list of policies - which when viewed can be downloaded. Normally Word or pdf.
Often they are fundamentally the same policies, Absence, Disciplinary etc but will be amended to suit each school.
Plan A - nearly setup.
I've been following these instructions and it all works pretty well https://toolset.com/learn/create-membership-site-wordpress-using-toolset-plugins/restricting-access-downloadable-files/
The only disadvantage really, is that it's managed through the backend by one individual overseeing all schools.
Plan B - not yet started. Thinking about as an alternative solution.
To perhaps give access to Schools and all Users of that School, so that they (or a manager) could upload their own files I could set up a Cred Form and use Access to control rights depending on roles. This would be instead of the solution in the linked file.
I can foresee disadvantages in this plan, i.e. name of files becoming duplicated (as they are likely to be called the same between schools), confidentiality of files if all uploaded to WordPress Media files, difficult to see in the backend which files belong to which schools (Plan A, files are grouped by category - but not sure how to do this programmatically when users uploading via the front end only).
Really my question is should I stick with Plan A (we can have someone who organises the backend), or attempt Plan B - bearing in mind I'm not a programmer.
Hi Lindsay,
Thank you for contacting us and I'd be happy to assist.
Based on what you've shared, I understand the main challenge that you're facing is to allow each school's admin, restrictive access so that he/she can't access files and content for the other schools. And this remains the same whether you keep the plan A or switch to plan B.
To overcome this, you can make sure that these users ( school admins ) are never allowed to access the backend admin area of the website in the first place. The only operations that I can foresee for these users would be to manage the school's profile, add/edit content and manage downloadable files and all of these can be achieved from the front-end using Toolset Forms.
There are a number of third-party plugins, guides and code snippets available online to restrict backend admin area access:
hidden link
https://wordpress.org/plugins/controlled-admin-access/
After that, the decision to use "WordPress Download Manager" plugin (plan A) or not (plan B), would pretty much depend on the factors like:
- whether you or your client can manage to allocate a resource to manage all the school files from the admin area manually (plan A) or would like school admins to perform this from the frontend Toolset forms on their own (plan B).
- since school admins won't be able to access the media library without the admin area access, it would be hard to guess the URL of files from other schools, but it will still be possible for users to share the link of those actual files with one another if you'll choose the plan B, where "WordPress Download Manager" plugin is not used to restrict the file access. Again, it is a question of how sensitive the content of those files are and how important it is for the project that only users logged-in with proper user role can access those files.
Note: From the documentation, it seems that the "WordPress Download Manager" plugin does offer its own set of features to allow managing downloads from the frontend and you can consult their official support team to learn more about that.
hidden link
I hope this helps and please let me know if you need any further assistance around this.
regards,
Waqar
My issue is resolved now. Thank you!