[wp-trac] Re: [WordPress Trac] #2787: New Method of storing and
calculating cap2user and user2cap
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 7 12:40:26 GMT 2006
#2787: New Method of storing and calculating cap2user and user2cap
----------------------------+-----------------------------------------------
Id: 2787 | Status: assigned
Component: Administration | Modified: Wed Jun 7 12:40:26 2006
Severity: normal | Milestone: 2.1
Priority: normal | Version: 2.1
Owner: markjaquith | Reporter: markjaquith
----------------------------+-----------------------------------------------
Comment (by markjaquith):
Owen,
I like your "grant" column idea.
I don't think that it matters that users can have multiple roles. I don't
think we need to know which caps came from which role.
Check out this example:
Role "Admin" has caps "Apple," "Banana" and "Tomato"
Role "Editor" has caps "Banana," "Pear" and "Tomato"
Lets give a user both roles, so they get caps of "Apple," "Banana," "Pear"
and "Tomato"
Now, let's grant them the extra cap of "Mango", and deny them the cap of
"Tomato"
so right now, they have 3 role-generated caps: Apple, Banana and Pear.
They have one extra cap of "Mango," and one denied cap of "Tomato"
Now, we delete the Editor role. All we do is recalculate the caps, and we
end up only losing the "Pear" cap.
The pseudo code process works like this:
* Add all caps associated with the user's roles, with no duplicates
* If the user is granted an extra cap, add it with the extra_cap flag
* If the user is denied a cap that they already have, switch the "grant"
column to "0"
* If the user is denied a cap that they don't have, add the cap with the
extra_cap flag and the "grant" column set to "0"
That's the initial setup. When deleting a role, you merely flush out all
non-extra_cap capabilities, and then re-apply the user's new role-
associated caps (not overwriting any extra_caps).
We don't need to know which caps came from which roles... only if they
came from outside the role system. Does this make sense?
And yeah, I'd like to see at least some components of the Role Manager in
core. Specifically, the ability to add a new capability and grant it to a
role or user. Adding new capabilities or renaming capabilities doesn't
even have to be in there. Plugin authors aren't using their own special
capabilities, like they should, because it requires people to install a
third party plugin to add that capability to a user or role. So they're
either using an existing capability, which reduces the granularity of the
capabilities system, or they're (and this is really bad), hardcoding it to
a role (i.e. one of the default roles, that may or may not exist!!)
--
Ticket URL: <http://trac.wordpress.org/ticket/2787>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list