Least privilege user for wp-discourse on a multisite installation

Hello all! I think this is my first post on the Discourse forum, I hope to post in the right place.

I’m configuring Discourse to manage the comments of a WordPress Multisite installation. I activated the wp-discourse plugin at the network level, so that every site owner on the network has the ability to publish their posts on the Discourse forum and have comments for their posts. I have created a dedicated category (called “Blog Posts”) on the forum for the posts published via WordPress.

In the plugin configuration at the network level I inserted the generated API key and the ‘system’ user as the user that will post on the forum.

The problem now is that a site owner, when configuring Discourse for his own site, is able to select every forum category to post their article in. I would like to force the site owner to send his posts only to the “Blog Posts” category.

To accomplish this, I think I have to configure a dedicated user on the forum with the minimum privileges possible, allow this user to only create new posts in the specified category and then generate an API key for this user to use in the wp-discourse plugin settings.

Is it possible to do so? Any suggestion?

Thank you

Hey there @gica78r and welcome :slight_smile:

Currently, you can’t restrict site admins in a multi-site network to a specific category in the publishing settings in the WordPress plugin. The multisite publication settings are only those you see in the plugin’s multi-site config.

You could potentially achieve this in the way you’ve suggested, i.e. with a user who only has permission to post in the relevant category; however, this strikes me as something to address through site admin relationships rather than through a technical restriction.

I.e., if someone has access to a WordPress site admin in your network, shouldn’t they be a highly trusted user? Are you currently having an issue with your site admins changing the category, or is this something you’re worried about happening?

1 Like

Hi @angus,
Thank you for your reply!

I’m still in the set-up process of my WP network, so there are no trusted or untrusted site admins. In my plans, the network will be opened for everyone to create a site in it, so I would like to minimize errors in the plugin settings by the site admins.

Here I found something useful, but not yet tested with WP-Discourse: