[wp-hackers] Managing User Levels and Capabilities

Danny Dawson quasistoic at gmail.com
Tue Jul 6 02:56:03 UTC 2004 

>From a discussion I had with Scott Merrill back in May:

-----Start-----
Me: My weblog is a subset of a larger site.  The main portion of my website
is driven by a CMS called Geeklog, which I have integrated with
Gallery 1.4.3.  Instead of using user levels to control access to
features, it uses group permissions (i.e. if you are in group X, you
can do Y).  The benefit of this is that I can create "Family" and
"Friends" groups, and then choose who gets to see a particular post by
designating that post as belonging to one of the two groups, or to
"Everyone", or to "Logged-In Users," you get the picture.   I've been
wanting to integrate the WP user-authentication with geeklog, but it
seems that WP's whole authentication method would have to be
demolished and rebuilt from scratch to do so.  Unfortunately, I'm just
not code-savvy enough to do it myself.

Scott: Actually, you could probably do this fairly easily.  Better
yet, this might be a good "working example" of a way to provide hooks
into the WP authentication scheme for people like you who use WP in
conjuction with other systems.

Here's what I'm thinking: the WP auth code has a hook that can call an
external user-defined function.  That function, totally seperate from
WP, queries whatever other authentication system you're using and
returns some result.  You can then map the result of that external
auth to WP user levels.  So you could have your "family" map to WP
user level 1, and "friends" map to WP user level "2" (because let's
face it, you'll want your friends to read more of your goings-on than
your family!).

Obviously implementing this will be a little harder than I've made it
out up there; and it will certainly have shortcomings in systems that
support more robust or more granular security.  But it might be a
medium-term stop-gap while folks decide if a robust permissions system
is something that WP needs all for itself at the core.
-----End-----

While Scott's suggestion would provide a temporary solution for me, I
agree with Owen that a true ACL-style user auth system would be far
more preferable.  Any suggestions?

On Mon, 5 Jul 2004 22:23:06 -0400, Carthik Sharma <carthik at gmail.com> wrote:
> http://wiki.wordpress.org/User%20Levels
> 
> describes the existing framework.
> 
> There needs to be a well thought out framework, by default, and then
> we could have users change permission levels as they would like, as an
> option.
> 
> Carthik.
> 
> 
> 
> On Mon, 5 Jul 2004 21:55:37 -0400, Owen Winkler
> <ringmaster at midnightcircus.com> wrote:
> > > Is there an easy way to indicate what level user can do what... (I'm
> > > hoping there's a manage user roles and capabilities admin screen
> > > planned for 1.3)
> >
> > If this is to suggest a more ACL-like control over user permissions, rather
> > than the current BBS-like user level permission control, I second this
> > request.
> >
> > Sometimes you just want to assign specific permissions.  And other times,
> > you just don't want to have to remember what user level does what.  (And the
> > user level interface is the clunkiest part of WordPress admin.)
> >
> > Provide a hook for plugins to add new permissions to the list of all
> > permissions, and we've got a winner!
> >
> > Owen
> >
> >
> >
> >
> > _______________________________________________
> > hackers mailing list
> > hackers at wordpress.org
> > http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> >
> 
> 
> --
> When nothing is done, nothing is left undone -- 老子 Lǎozi
> 
> University of Central Florida
> Homepage: http://carthik.net
> 
> 
> 
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> 


-- 
--Danny Dawson

More information about the hackers mailing list