[wp-hackers] Managing User Levels and Capabilities

Owen Winkler ringmaster at midnightcircus.com
Tue Jul 6 12:57:30 UTC 2004


> While Scott's suggestion would provide a temporary solution 
> for me, I agree with Owen that a true ACL-style user auth 
> system would be far more preferable.  Any suggestions?

Here's my thought:

One of the issues currently with implementing an ACL-style system is
that there isn't a list of possible permissions.

Perhaps centralizing the control of permissions would help this a bit.
Instead of querying a user level at each point of the security process
("Can I upload?: $user_level > X"), we could centralize the permissions
based on security monikers (permission_ok('upload')).  The code that
returned whether a specific permission was allowed or not could be
exactly the same as now (using $user_level), but the permissions would
be centralized into a single function.  Net effect: No change.

However, this function would also provide a plugin hook.
(do_action('get_permission', $requested_permission);)

Unfortunately, this system doesn't do much for restricting access to
certain posts, since (as far as I know) there is no way to use the
existing user levels to restrict posts for three separate user groups
(guests, family, friends).

And while I'm brainstorming, a way to do this easily (depending on your
definition of "easily") would be to restrict access based on category.
In the category editor, an option might include setting a required
access level to see posts from that category.  There's got to be a
better way.

Owen
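
The centralized check proposed in the message above, sketched as an added example that is not part of the original post and is not WordPress code. The permission names, level thresholds, and the small filter registry standing in for a plugin hook are all assumptions made for illustration.

```php
<?php
// Added example. Every name and number here is hypothetical.

// One table replaces the scattered "$user_level > X" comparisons.
$permission_levels = array(
    'upload'       => 5,
    'edit_posts'   => 1,
    'manage_users' => 8,
);

// Minimal stand-in for a plugin hook: callbacks that may change a decision.
$permission_filters = array();

function add_permission_filter($callback) {
    global $permission_filters;
    $permission_filters[] = $callback;
}

function permission_ok($permission, $user_level) {
    global $permission_levels, $permission_filters;

    // Default deny: an unknown or misspelled permission name is refused
    // instead of falling through to "allowed".
    $allowed = isset($permission_levels[$permission])
        && $user_level >= $permission_levels[$permission];

    // Each plugin callback receives the current decision and returns its own.
    foreach ($permission_filters as $callback) {
        $allowed = (bool) call_user_func($callback, $allowed, $permission, $user_level);
    }
    return $allowed;
}

// Constructed plugin: restrict uploads to level 10 regardless of the table.
function restrict_uploads($allowed, $permission, $user_level) {
    if ($permission === 'upload' && $user_level < 10) {
        return false;
    }
    return $allowed;
}

var_dump(permission_ok('upload', 6));   // decided by the table alone
var_dump(permission_ok('uplaod', 10));  // misspelled name, not in the table
add_permission_filter('restrict_uploads');
var_dump(permission_ok('upload', 6));   // same request after the plugin registers
```

Because every registered callback can overturn the default decision, a design like this makes the set of installed plugins part of the access-control trust boundary.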




