Community Support Forums

Sorry if this isn't the appropriate place for this, but I'm considering using S2Member Pro for a particular purpose, and I need confirmation/advice as to whether it can handle the project before we dive in and spend time coding a proof-of-concept using S2Member.

Here's an overview:

We are using Wordpress to rapidly build out a corporate leasing site for a new client of ours. We have taken over the job after 2 years of broken promises from a prior developer, so rapid, quality development is critical.

Anyhow -- the bottom line is that in our site, the idea is that existing tenants renting offices in over 500 client-managed properties (buildings) would drill down to a public property detail page to access property details (for which the data points would be provided by a custom WP plugin we'd develop).

Some of the content on these tenant property detail pages must be protected (specifically downloads of PDF Tenant and Construction manuals, which should not be available to the general public). We have no need of PayPal functionality, but importing of existing users is crucial, hence the Pro version.

There would be 3 access levels:

1) Basic Site visitor (all public content only)
2) Tenant Contact (public content, private links & tenant manual)
3) Building management (public content, private links, tenant manual & construction manual)

I'm concerned about the following:

1) the ability to link users to buildings: Since each building would have different PDF tenant & construction manuals, etc., how might we be able to easily attach tenants (users) to the correct buildings (and thus the correct protected content?), especially if this content is not static, but generated via a property search via our custom plugin and ensure that they cannot access w/o proper (S2Member) login credentials? Could we use a URI fragment such as "Tenant Manual" combined with a GUID or is there a more elegant way?

2) What secure technologies are protect the passworded area?

3) Our 1000+ members are dovetailed into the same membership DB as our site admins, yes (no?) how can we ensure that they cannot accidentally gain access to the WP admin pages (prevent a PHP injection, etc.)

I'm fairly sure that this is all possible with S2Member -- I just need to make sure that it will be an easy process for our clients to add users to the correct properties with the correct permissions.

Any help would be appreciated!

Thanks!

Jesse Gold
IT Director H2Central Marketing & Communications
jessegold@gmail.com

Hi Jesse. Thanks for your interest, great questions. I'll answer as many as I can and ask Jason to take care of the rest.

1) Basic Site visitor (all public content only)
2) Tenant Contact (public content, private links & tenant manual)
3) Building management (public content, private links, tenant manual & construction manual)

Those would correspond to s2Member levels 0 (or none), 1 and 2. In s2Member. Levels have an incremental access quality, where each level has access to content at its level and below, but not above. So you'd protect the content like this:

1) Content is public by default, so any content you want to keep public you'd leave alone without adding restrictions. If you want to require someone to have an account, even if free, and be logged in to see something, then restrict it at Level 0 (Subscriber).

2) The content for this level would be restricted at Level 1: private links and tenant manual. Since a user at Level 1 is above Level 0 and Guest (not logged in), he'd also be able to access the content for those.

3) The content for this level would be restricted at Level 2: construction manual. Since a user at Level 2 is above the others, he'd also have access to the content restricted at the levels below.

1) the ability to link users to buildings: Since each building would have different PDF tenant & construction manuals, etc., how might we be able to easily attach tenants (users) to the correct buildings (and thus the correct protected content?), especially if this content is not static, but generated via a property search via our custom plugin and ensure that they cannot access w/o proper (S2Member) login credentials? Could we use a URI fragment such as "Tenant Manual" combined with a GUID or is there a more elegant way?

You can tie accounts to specific content custom capabilities. These will give you a better idea of what they're about and they can be used:

http://www.s2member.com/custom-capabilities-video/
http://www.s2member.com/client-portals-video/
WP Admin -> s2Member -> API / Scripting -> Custom Capabilities
WP Admin -> s2Member -> API / Scripting -> Custom Capabilities & Member Level Files

2) What secure technologies are protect the passworded area?

3) Our 1000+ members are dovetailed into the same membership DB as our site admins, yes (no?) how can we ensure that they cannot accidentally gain access to the WP admin pages (prevent a PHP injection, etc.)

Well, the members are in the same database as the admin, yes. s2Member uses WordPress' users system. The difference between them is the role assigned to the user, which is defined by capabilities. You will get a better idea of this using the User Role Editor plugin. https://wordpress.org/extend/plugins/user-role-editor/


I hope that helps.

Thanks for the heads up on this Cristián.
I'll add a reply to this thread shortly as well.

Thanks for your patience.
I apologize for the delayed response.

1) Basic Site visitor (all public content only)
2) Tenant Contact (public content, private links & tenant manual)
3) Building management (public content, private links, tenant manual & construction manual)

This looks good. Seems like Levels #1, #2, #3 might work in this scenario. Either that, or you could use Custom Capabilities if you prefer. There is a video at s2Member.com which covers Custom Capabilities in detail for you. Also, in the latest release of s2Member v110710 we added support for unlimited Levels ( requires s2Member Pro ).

1) the ability to link users to buildings: Since each building would have different PDF tenant & construction manuals, etc., how might we be able to easily attach tenants (users) to the correct buildings (and thus the correct protected content?), especially if this content is not static, but generated via a property search via our custom plugin and ensure that they cannot access w/o proper (S2Member) login credentials? Could we use a URI fragment such as "Tenant Manual" combined with a GUID or is there a more elegant way?

Custom Capabilities would offer you the greatest flexibility on a per-User basis. You may also be interested in some of s2Member's Query Conditional functions made available with our API. These would allow you to perform scans against the current User's set of permissions/Capabilities, within your custom plugin. You will find further detail on these in your Dashboard, under: s2Member -> API Scripting -> Query Conditionals. Just let us know if you have specific questions/concerns about anything.

* Yes, Custom Capabilities, and also Custom Fields can both be imported/exported with s2Member Pro.

2) What secure technologies are protect the passworded area?

For an overview, it's probably easier if you look at one of s2Member's security certificates, available in all versions of s2Member. Here is a demo certificate that provides the detail you're looking for I believe.

3) Our 1000+ members are dovetailed into the same membership DB as our site admins, yes (no?) how can we ensure that they cannot accidentally gain access to the WP admin pages (prevent a PHP injection, etc.)

Yes, that is correct and this works nicely. Please see: s2Member -> General Options -> Profile Modifications. For the added security you're looking for, there is an option in that section which, if enabled, will lock all "Members" out of all /wp-admin/ areas for you automatically.

I'm fairly sure that this is all possible with S2Member -- I just need to make sure that it will be an easy process for our clients to add users to the correct properties with the correct permissions.

I don't see a problem. However, if you choose to use Custom Capabilities, teaching your client how to add Custom Capabilities on a per-User basis will help. You can click [Edit] next to a User in your list of Users and then add comma-delimited Capabilities in the s2Member Profile section toward the bottom.