[wp-trac] Re: [WordPress Trac] #2787: New Method of storing and calculating cap2user and user2cap

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 7 12:40:26 GMT 2006


#2787: New Method of storing and calculating cap2user and user2cap
----------------------------+-----------------------------------------------
       Id:  2787            |      Status:  assigned                
Component:  Administration  |    Modified:  Wed Jun  7 12:40:26 2006
 Severity:  normal          |   Milestone:  2.1                     
 Priority:  normal          |     Version:  2.1                     
    Owner:  markjaquith     |    Reporter:  markjaquith             
----------------------------+-----------------------------------------------
Comment (by markjaquith):

 Owen,
 I like your "grant" column idea.

 I don't think that it matters that users can have multiple roles.  I don't
 think we need to know which caps came from which role.

 Check out this example:

 Role "Admin" has caps "Apple," "Banana" and "Tomato"
 Role "Editor" has caps "Banana," "Pear" and "Tomato"

 Let's give a user both roles, so they get caps of "Apple," "Banana," "Pear"
 and "Tomato"

 Now, let's grant them the extra cap of "Mango", and deny them the cap of
 "Tomato"

 So right now, they have 3 role-generated caps: Apple, Banana and Pear.
 They have one extra cap of "Mango," and one denied cap of "Tomato"

 Now, we delete the Editor role.  All we do is recalculate the caps, and we
 end up only losing the "Pear" cap.

 The pseudo code process works like this:

  * Add all caps associated with the user's roles, with no duplicates
  * If the user is granted an extra cap, add it with the extra_cap flag
  * If the user is denied a cap that they already have, switch the "grant"
    column to "0"
  * If the user is denied a cap that they don't have, add the cap with the
    extra_cap flag and the "grant" column set to "0"

 That's the initial setup.  When deleting a role, you merely flush out all
 non-extra_cap capabilities, and then re-apply the user's new role-
 associated caps (not overwriting any extra_caps).

 We don't need to know which caps came from which roles... only if they
 came from outside the role system.  Does this make sense?

 And yeah, I'd like to see at least some components of the Role Manager in
 core.  Specifically, the ability to add a new capability and grant it to a
 role or user.  Adding new capabilities or renaming capabilities doesn't
 even have to be in there.  Plugin authors aren't using their own special
 capabilities, like they should, because it requires people to install a
 third party plugin to add that capability to a user or role.  So they're
 either using an existing capability, which reduces the granularity of the
 capabilities system, or they're (and this is really bad), hardcoding it to
 a role (i.e. one of the default roles, that may or may not exist!!)

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2787>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
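
The recalculation described in the comment above, as an added Python model that is not part of the original message and is not WordPress code. Function names and the row layout are hypothetical. The comment does not say whether denying a role-derived cap also sets the extra_cap flag; this sketch assumes it does, because otherwise the flush on role deletion would drop the deny and re-grant the cap.

```python
# Model of the rows described in the comment: one row per (user, cap) with a
# "grant" column and an extra_cap flag. All names here are illustrative.

def role_rows(role_caps, user_roles):
    """Step 1: union of caps from the user's roles, no duplicates."""
    rows = {}
    for role in user_roles:
        for cap in role_caps.get(role, ()):  # a deleted role contributes nothing
            rows[cap] = {"grant": True, "extra_cap": False}
    return rows

def grant_extra(rows, cap):
    """Step 2: per-user grant, flagged as coming from outside the role system."""
    rows[cap] = {"grant": True, "extra_cap": True}

def deny(rows, cap):
    """Steps 3 and 4: a per-user deny is stored with grant set to 0.
    Assumption: the row is flagged extra_cap in both cases, so a later flush
    of role-derived rows cannot turn the deny back into a grant."""
    rows[cap] = {"grant": False, "extra_cap": True}

def recalculate(rows, role_caps, user_roles):
    """Role deleted or changed: flush non-extra rows, then re-apply the role
    caps without overwriting any extra_cap row."""
    kept = {cap: row for cap, row in rows.items() if row["extra_cap"]}
    for cap, row in role_rows(role_caps, user_roles).items():
        kept.setdefault(cap, row)
    return kept

def effective_caps(rows):
    """Caps the user actually holds: rows whose grant column is set."""
    return sorted(cap for cap, row in rows.items() if row["grant"])

def demo():
    # Constructed data: the roles and caps from the comment's own example.
    role_caps = {"Admin": ["Apple", "Banana", "Tomato"],
                 "Editor": ["Banana", "Pear", "Tomato"]}
    user_roles = ["Admin", "Editor"]
    rows = role_rows(role_caps, user_roles)
    grant_extra(rows, "Mango")
    deny(rows, "Tomato")
    before = effective_caps(rows)
    del role_caps["Editor"]  # delete the Editor role
    rows = recalculate(rows, role_caps, user_roles)
    return before, effective_caps(rows), rows

if __name__ == "__main__":
    before, after, _ = demo()
    print(before)
    print(after)
```

After the Editor role is deleted, only "Pear" is lost; "Tomato" stays denied even though the remaining Admin role still carries it.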

