=== DashOrgNicer Feature Manager ===
Contributors: anandhunadesh, phaseswpdev
Tags: admin, roles, capabilities, dashboard, menu
Requires at least: 6.4
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Disable or role-restrict WordPress admin features and menus.

== Description ==

DashOrgNicer Feature Manager helps you clean up the WordPress admin by disabling or restricting features for specific user roles.

* Disable features your site does not need (for example, Posts on a brochure site)
* Restrict admin menus to specific roles
* Enforce access through menus, capabilities, direct URLs, and REST API
* Auto-discover custom post types, Settings sub-pages, and plugin admin pages
* Per-screen Settings access control, Plugin Pages control, and site-wide General toggles
* Reflect WordPress native role capabilities in the settings UI

DashOrgNicer Feature Manager is intended for site owners, agencies, and teams who want tighter control over what appears in wp-admin for each role.

== Installation ==

1. Upload the `dashorgnicer-feature-manager` folder to `/wp-content/plugins/`
2. Activate the plugin through the **Plugins** menu in WordPress
3. Go to **DashOrgNicer Feature Manager** in the admin menu to configure feature access

== Frequently Asked Questions ==

= Who can access DashOrgNicer Feature Manager settings? =

Users with the `adftmgr_manage_settings` capability (Administrators on a default install).

= Do restrictions apply to administrators? =

Yes. Feature rules apply to all roles, including administrators. Users who can manage DashOrgNicer Feature Manager settings can always open DashOrgNicer Feature Manager to change rules.

= Does DashOrgNicer Feature Manager only hide menu items? =

No. DashOrgNicer Feature Manager enforces restrictions through admin menus, capabilities, direct URL guards, REST API routes, and admin bar nodes where applicable.

= Can I lock myself out of DashOrgNicer Feature Manager? =

Any user with the `adftmgr_manage_settings` capability can always reopen DashOrgNicer Feature Manager to change rules. On a default install, that is the Administrator role.

= What happens if I disable Posts for all roles? =

Posts menus, screens, REST endpoints, and related admin bar links are blocked for affected users. Save carefully and keep at least one manager who can access DashOrgNicer Feature Manager.

= Does DashOrgNicer Feature Manager support custom post types and plugin settings pages? =

Yes. Custom post types are auto-discovered on the Post Types screen. Plugin and theme admin pages registered as `admin.php?page=…` appear on the Plugin Pages screen. Settings sub-pages under `options-general.php` appear on Settings Screens.

= Will directory listing protection secure my server? =

No. The General setting only adds protective `index.php` files in WordPress-managed folders. Configure your web server (for example, disable directory indexes) for real hardening.

= Does disabling one Settings screen block the REST API for that screen? =

Not individually in v1. Settings Screens enforcement applies to wp-admin menus, direct URLs, and capabilities. The shared `/wp/v2/settings` REST route is blocked only when the parent **Settings** feature is denied on the Features page. Per-screen REST granularity may be added in a future release.

= Are plugin admin pages blocked via REST? =

Plugin Pages enforcement covers wp-admin menus, `admin.php?page=…` URLs, and capabilities. REST endpoints are not auto-discovered. Use the `adftmgr_admin_pages` filter to add `rest_routes` when a plugin exposes an API you need to gate.

== Screenshots ==

1. DashOrgNicer Feature Manager Features settings page
2. DashOrgNicer Feature Manager Post Types settings page
3. DashOrgNicer Feature Manager Settings Screens page
4. DashOrgNicer Feature Manager Plugin Pages page
5. DashOrgNicer Feature Manager General settings page

== Changelog ==

= 1.0.0 =
* Initial release scaffold
* Admin menu with Features and Post Types pages
* Full MVP feature catalog with role-based enforcement
* Custom post type auto-discovery
* Full enforcement layers: menus, capabilities, direct URLs, REST API, and admin bar
* Settings Screens submenu for per-screen Settings access
* Plugin Pages submenu for third-party admin.php?page=* screens
* General submenu for site-wide admin toggles
* Directory listing protection via index.php placeholders
* Reset to WordPress defaults

== Upgrade Notice ==

= 1.0.0 =
Initial release.
