[wp-hackers] User roles - GSOC proposal

[Andrew Nacin]

Keep in mind that nothing that has been placed on the chopping block --
multiple roles and user-specific capabilities -- are supported in the core
UI, anywhere. (In fact, the users panels might look at you funny if a user
has multiple roles.)

Thus, this would only affect sites that use capability/role management
plugins. I would imagine that most plugins handle role management, not user
management, or at the very least, most administrators utilize role
management, as administering user-specific capabilities is much more
difficult and time-consuming. If you have enough user-specific caps to make
this nightmarish, then you probably don't have that many users, for that
reason.

So, I would propose two things:

1. That the upgrade path is released early in the development cycle as a
plugin, enabling administrators to handle this before the upgrade. Such a
plugin could have mapping capabilities such as how authors are handled in a
WP import, for example, and identify users with unique sets of caps.

2. That, for diligence purposes, we explore an option that eliminates
user-specific capabilities but keeps multiple role support. I can think of
an effective schema that keeps support for multiple roles that simply merge
the allowed capabilities, and still allow easy querying for, say, all users
with capability X. This could prevent us from oversimplification, which is
also something we wouldn't want.

The idea outlined in #10201 is controversial, which explains its
postponement for multiple releases, but appears to be gaining traction for
3.1. I had hinted earlier that I would expect a compromise of some sort. If
multiple roles can be implemented sanely in the new schema, that may very
well be a good thing to keep, for the CMS benefits.