This WordPress plugin limits user access to the dashboard based on whether users have a chosen capability. Disallowed users are redirected to a chosen URL.
Over the life of this plugin, several users have ended up getting locked out of the back-end of their own sites because they set a capability that their user didn't actually have.
In brainstorming how to implement some kind of fail-safe mechanism to prevent unintentional lock-out, I think the best option would be to simply do a cap check when the access setting is changed to warn the current user if they don't have the given capability. This could either be tied directly to the access setting change event or triggered on settings save.
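An added example, not the plugin's own code, of the cap check described above, run on settings save through the Settings API sanitize callback. The option name, settings group, function name, text domain and fallback default are hypothetical, and keeping the previous value rather than only warning is an assumption of this sketch.

```php
<?php
// Hypothetical names: 'example_access_cap' (option), 'example_access_group'
// (settings group), 'manage_options' (fallback). None come from the plugin.
const EXAMPLE_CAP_OPTION = 'example_access_cap';

add_action( 'admin_init', function () {
	register_setting(
		'example_access_group',
		EXAMPLE_CAP_OPTION,
		array( 'sanitize_callback' => 'example_validate_access_cap' )
	);
} );

/**
 * Runs on settings save. Rejects a capability the saving user lacks,
 * so that user cannot lock themselves out of the dashboard.
 */
function example_validate_access_cap( $new_cap ) {
	// sanitize_key() leaves only a-z, 0-9, "_" and "-", so the value is
	// also safe to echo back inside the settings error message below.
	$new_cap  = sanitize_key( $new_cap );
	$previous = get_option( EXAMPLE_CAP_OPTION, 'manage_options' );

	// Empty input: keep the stored value rather than saving a blank capability.
	if ( '' === $new_cap ) {
		return $previous;
	}

	// The fail-safe: the user making the change must hold the capability.
	if ( ! current_user_can( $new_cap ) ) {
		add_settings_error(
			EXAMPLE_CAP_OPTION,
			'example_cap_lockout',
			sprintf(
				/* translators: %s: capability name */
				__( 'Your account does not have the "%s" capability, so saving it would lock you out of the dashboard. The previous setting was kept.', 'example-textdomain' ),
				$new_cap
			),
			'error'
		);
		return $previous;
	}

	return $new_cap;
}
```

On multisite, `current_user_can()` returns true for super admins on almost any capability, so this check protects the account saving the setting, not other administrators on the site.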