[wp-hackers] User Permissions system overhaul

David House dmhouse at gmail.com
Mon Jun 13 11:09:32 GMT 2005 

On 6/13/05, Brett Taylor <brett at webfroot.co.nz> wrote:
> I would like to see the ability to assign a user more than one role

Good idea.

> REALLY like to see the ability to add/update/remove permissions for
> different tasks to new or existing roles.

Good to hear, I was worried that this kind of advanced permission
system wasn't going to be very popular, but I think there'd be enough
demand for it.

> Where I say [advanced] these are non-standard user roles that will
> remain hidden until the option "Enable Advanced User Permissions
> Management" is turned on.

I think this may be complicating things a bit too much. I think,
instead of having to create a role you'd inevitable only assign to one
person, you should be able to configure exactly what a user can and
cannot do, and give them a title (e.g., you could configure it so that
they can moderate comments, and give them the title 'Spam Manager').
 
> Each Role should have a master "Enabled" switch, which will turn that
> role on and off, and as such, users with a disabled role do not gain the
> permissions that role would normally grant.

Again, I don't see that this would provide a great benefit. I can't
see this being used much, and it would be quite confusing IMO.

> So, instead of having the option "Users must be registered and logged in
> to comment", just disable the guest role.  Heck, you could make the
> former option an alias to the latter, or even better, an alias to the
> "can leave comments" permission on the Guest role.
>
> Also, you would need an option like:
> 
> * Newly registered users gain these roles:
>    [disabled][x] Registered User   (ie, they will always get this role)
>              [ ] ...
>              [ ] ...
>              [ ] other roles

I think wording it something along the lines of two options:

[ ] Anyone can register as a registered user
[ ] You have to be a registered user in order to comment.

I don't think there'd be a great demand for allowing users to register
themselves as anything other than registered users.

> When editing roles, you would probably want to categorise the different
> 'user tasks' into 'user task categories" "Administration", "Posting",
> "Commenting", "Links", "Uploading".

How would this serve any purpose?

> With respect to plugins, plugins should be able to add new 'user tasks',
> new 'user task categories', and maybe even new default advanced roles.
>
> Anyway, that's my vision for a truly extensible user permissions
> overhaul. I believe if implemented correctly, WP's user system will
> rival other CMSs.  I hope you share this vision!

Keep in mind that WP is primarily weblogging software. WP isn't trying
to capture the CMS market. I think a lot of what you've suggested
would be over the head of the average WP user. I think that the
following would be sufficient:

* Change user levels system to user roles; use roles proposed by Denis
de Bernardy.
* Allow advanced configuration of individual users: checkboxes to say
what this user can and cannot do.
* Allow titles to be given to users.
 
> Wikis seem to help people think better... I've already revised half of
> the content in this email there already.

Okay, but can we try to keep the discussion on this page? Things could
easily get out of hand otherwise.

-- 
-David House, dmhouse at gmail.com, http://xmouse.ithium.net

More information about the wp-hackers mailing list