[wp-trac] Re: [WordPress Trac] #10201: Switch roles to use single
role, and no user-specific caps
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 17 23:14:01 GMT 2009
#10201: Switch roles to use single role, and no user-specific caps
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: Denis-de-Bernardy
Type: enhancement | Status: accepted
Priority: normal | Milestone: 2.9
Component: Role/Capability | Version: 2.8
Severity: normal | Keywords:
-------------------------------+--------------------------------------------
Changes (by Denis-de-Bernardy):
* owner: => Denis-de-Bernardy
* status: new => accepted
* component: General => Role/Capability
Comment:
posting the raw log, will summarize later:
{{{
ddebernardy: you mean roles control in admin like wp-roles did?
12:08 AM MarkJaquith
ddebernardy: here is my idea on roles:
12:08 AM jeffr0
wow, a lot of people would be cheering if role management received an
overhaul and was more user friendly/ more granular
12:08 AM Jane_
will post on dev blog later this week or more likely early next week with
prioritization poll. hopefully using andy peatling's nifty drag and drop
feature ranking system from buddypress site.
12:08 AM jeffr0
heh I saw Andys roadmap stuff
12:08 AM aaroncampbell
jeffr0: I think you're the first one to mention "sitemap"
12:08 AM rboren
http://bbpress.org/plugins/topic/user-roles-table-for-bbpress/
12:09 AM
Used on talkpress on some other places.
12:09 AM ddebernardy
aaroncampbell - I was meaning this:
12:09 AM
http://core.trac.wordpress.org/ticket/2531#comment:20
12:09 AM
and rboren's reference
12:09 AM MarkJaquith
My idea: Get rid of the concept of negated capabilities. No one uses them.
Get rid of the idea of standalone capability granting. Almost no one uses
it. Get rid of the idea of multiple roles. No one uses it. Just have
wp_user_role = 'author' in the meta table.
12:10 AM Jane_
see you guys
12:10 AM Jane_ is now known as jane|dinner
12:10 AM aaroncampbell
ddebernardy: I thought that jeffr0 was talking about the permalink
history. Not sure I was correct, but is there a ticket for that one?
12:11 AM ddebernardy
oh, sorry, was meaning to reply to bi0xid
12:11 AM bi0xid
MarkJaquith: I think i don't understand. I use roles subscriber, author,
editor and admin in almost all the blogs i admin. Do you want to eliminate
them?
12:11 AM ddebernardy
yeah, permalink history would mean being able to drop all of the
redirection plugins
12:11 AM MarkJaquith
bi0xid: no.
12:11 AM
bi0xid: by multiple roles, I mean a person who is both an admin and an
subscriber.
12:12 AM bi0xid
ooh
12:12 AM
MarkJaquith:
12:12 AM MarkJaquith
You probably didn't know WP could do that. Because NO ONE uses it. :-)
12:12 AM bi0xid
MarkJaquith: agreed. If you want to have 2 profiles, then use 2 users.
12:12 AM Fredelig
:)
12:12 AM aaroncampbell
MarkJaquith: since there's not a limit to the number of roles, I think
that the few people that use that could just create another role that is
the equivalent to those two roles combined
12:13 AM ddebernardy
bi0xid - not so, if you've a membership plugin of sorts
12:13 AM MarkJaquith
aaroncampbell: exactly.
12:13 AM bi0xid
that's the poing
12:13 AM
*point
12:13 AM rboren
To get user with a certain cap, see which roles have that cap, see if user
has one of those roles.
12:14 AM MarkJaquith
yep, rboren.
12:14 AM ddebernardy
and seeing which users have those roles amounts to querying all users
12:14 AM
it's a major problem atm
12:14 AM MarkJaquith
ddebernardy: indeed. users.php doesn't scale because of it.
12:14 AM ddebernardy
exactly
12:15 AM MarkJaquith
The authors dropdown doesn't scale because of it.
12:15 AM ddebernardy
ok, so I take it that new roles tables will have more traction?
12:15 AM nikolayb has left IRC (Read error: 54 (Connection reset by peer))
12:15 AM MarkJaquith
ddebernardy: I don't see that a table is needed.
12:15 AM ddebernardy
it's needed for joins
12:15 AM
you don't want this stuff in a meta table
12:15 AM MarkJaquith
you can use usermeta as user-to-role
12:16 AM ddebernardy
meta joining an integer on a text field is not the most efficient thing
there is
12:16 AM
sql joining even
12:17 AM MarkJaquith
agreed. But I don't think the speed you lose in storing it in usermeta is
worth adding a whole new table just for that.
12:17 AM ddebernardy
if we decide to drop the true|false thingy as you suggest, we've less
tables but it's less flexible
12:17 AM
MarkJaquith - it is, when you implement a membership plugin
12:17 AM MarkJaquith
It's just as flexible. It may just require more roles to do it.
12:17 AM ddebernardy
it makes every difference in the world, in fact
12:18 AM
so much so, that the better membership plugins create a separate table,
memberships
12:18 AM rboren
Well, a problem with usermeta is that you have to use db prefixes to get
the role for a given blog. Having a blog id would be nicer.
12:18 AM ddebernardy
and then user2membership and membership2post
12:19 AM nikolayb has joined the channel.
12:19 AM ddebernardy
rboren - there is a ticket related to a CAPS define, related to that
12:19 AM
added a patch a few days ago
12:19 AM
but obviously not relevant if we get the roles tables fixed
12:19 AM
because we also need to be able to sort out a common desire for users to
have the same role across blogs
12:22 AM
#8663
12:22 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/8663 normal, normal,
2.9, hudatoriq->hudatoriq, new, Allow customizing capabilities prefix
through wp-config.php
12:22 AM Viper007Bond has left IRC ("http://www.viper007bond.com/ |
http://www.finalgear.com/" )
12:23 AM MarkJaquith
Oh neat... that's been bothering me for a long time that you couldn't do
that. I have a script that syncs the caps :-)
12:23 AM ddebernardy
anyway, is that a go for it for a role revamp in 2.9?
12:24 AM DD32
Little late i know, But Roles: Just simplify them, Dont bother with a new
table unless its absolutely needed, Theres no need to move from an
awkwardly complex system no-one uses, to another complex setup that no-one
uses. - A single role per user + serialised caps for each role loaded once
in memory, simple and do-able with the current layout
12:24 AM ddebernardy
or shall we stick to 8663?
12:24 AM photomatt
ddebernardy: to your earlier point of discussion, in many years of doing
this I have seen zero correlation between a longer release cycle and more
stable product
12:24 AM
in fact it seems to be the opposite
12:24 AM MarkJaquith
DD32: that would be my choice.
12:25 AM ddebernardy
DD32 - there's a half dozen tickets related to roles/caps
12:25 AM bi0xid
photomatt: people relax when having more time :P
12:25 AM MarkJaquith
Simple, no new tables. And we can totally handle upgrades without changing
anyone's caps.
12:25 AM photomatt
so about 3 per year seems to be the best balance of plenty of room for
testing and getting improvements into users hands as frequently as
possible
12:25 AM ddebernardy
that are related to changing the way it's managed for all sorts of reasons
12:25 AM
photomatt - 3 per year is fine, not 4 :-)
12:25 AM DD32
ddebernardy: I dont care if there is, That doesnt make much of a
difference, people have troubles with the current role system, Anyone who
needs extreme grain control over it, can use a plugin, just like they have
to do in the first place to change the roles caps anyway
12:26 AM ddebernardy
photomatt - are you in SF next month, so we can have a beer at some point?
12:26 AM jeffr0
what is this canonical plugins i keep hearing about. I don't understand
what that means
12:26 AM photomatt
I'm actually gone all of july, until the very end
12:27 AM ddebernardy
that's fine, I'll be in Merced, probably for 2-3 months
12:27 AM photomatt
an obvious improvement for roles for 2.9 could be: there is no place in
the interface that says what any role does
12:27 AM ddebernardy
just let me know when you're around (ddebernardy at yahoo.com)
12:27 AM photomatt
even just a listing of capabilities in a human readable form would be a
nice improvement for folks
12:27 AM DD32
jeffr0: It's for those who change their permalink structure so damn often.
Ie. /2009/09/<postid>// - gets changed to /september/2009/<postname>/ and
WP remembers the old format...
12:27 AM MarkJaquith
photomatt: I'd be up for simple role management if we got the whole system
to a simple caps, bucket system.
12:27 AM aaroncampbell
jeffr0: The idea would be that a specific plugin would be the
"recommended" solution for a particular issue, and rather than getting 50
developers to create 50 different competing solutions, they could work
together on one.
12:27 AM photomatt
some checkboxes for modifying non-admin capabilities would be icing on the
cake
12:27 AM DD32
oh.. wrong thing :)
12:27 AM jeffr0
no you're speaking of canonical urls
12:27 AM
lol
12:28 AM DD32
Still too early here :P
12:28 AM aaroncampbell
Also, as mentioned, there's the possibility to get those added as part of
the testing process (or even as unit tests)
12:28 AM photomatt
MarkJaquith: I think the user side should be done before any backend
changes
12:28 AM
unless there's something inherit in the current structure that prevents us
from moving forward
12:28 AM jeffr0
I know some plugin authors are already working behind the scenes together,
collaborating together
12:28 AM
would this system help that?
12:28 AM photomatt
the consensus seems to be it's too flexible, not too little
12:29 AM ddebernardy
photomatt - there is. it prevents the likes of list authors with cap A or
B to scale, for one thing
12:29 AM MarkJaquith
photomatt: yep. Too much flexibility, and it's actually constraining
performance. Could do UI first, but it wouldn't support any of the soon-
to-be-deprecated features.
12:29 AM aaroncampbell
jeffr0: yeah, but I think it's just an idea at this point. it was
mentioned in photomatt's state of the word in SF.
12:29 AM ddebernardy
and it prevents plugin authors from having a ready API to add memberships
12:29 AM MarkJaquith
Like multiple roles per person, or role + additional cap.
12:31 AM ddebernardy
right
12:31 AM aaroncampbell
jeffr0: I talked about it a little in part 2 of my summary of the state of
the word from SF: http://wpinformer.com/state-word-wordcamp-part-2/ ...I'm
not much of a writer, but it's there
12:31 AM photomatt
MarkJaquith: I think having a UI would be a good constraint for us when we
want to do a rearchitect in a future version
12:32 AM
because creating the UI will force us to figure out what people actually
want from it
12:32 AM
what the most popular plugins are doing with it, etc
12:32 AM
without taking out the plumbing before we have a place to pee
12:32 AM
so to speak
12:32 AM ddebernardy
photomatt - no no, the good membership plugins are ignoring wp roles
altogether
12:32 AM bi0xid
Sorry guys. Off to bed. Must be awake in 5 hours to work ^_^. Will read u
tomorrow.
12:32 AM ddebernardy
precisely because it's not query'able
12:32 AM bi0xid is now known as bi0xid[a]
12:33 AM aaroncampbell
MarkJaquith: just to add my two cents, I use "role + additional caps"
fairly regularly, but I'm not against having to create a new role to do
that.
12:33 AM photomatt
ddebernardy: point me to the plugins, I'm happy to take a look at them
12:33 AM MarkJaquith
aaroncampbell: And the upgrade could create that new role for you.
12:33 AM ddebernardy
photomatt - they're all paid for stuff, sadly
12:33 AM photomatt
then I don't care about them
12:33 AM ddebernardy
but wp wishlist, for one, is one of them
12:33 AM
and my own (yet to be released, so not very relevant) is another
12:34 AM photomatt
if people are restricted to a single role, which is totally fair, then we
could put an index back into wp_users using the old user_level field (or a
new one) which would make querying easy-peasy
12:34 AM ddebernardy
I plan to place mine in the wp repo
12:34 AM
and I'd ideally want the roles table revamped by then
12:34 AM aaroncampbell
MarkJaquith: true. Another FYI, I use Role Manager
(http://www.im-web-gefunden.de/wordpress-plugins/role-manager/) and I think
it's pretty popular.
12:34 AM ddebernardy
else I'll just add a few more defines
12:34 AM
and db tables
12:34 AM MarkJaquith
photomatt: the only issue is that you can have different roles on
different blogs, so you can't store it in the user table.
12:35 AM jeffr0
role manager is very popular
12:36 AM ddebernardy
as much as role manager is popular it still doesn't make it possible to
query users who can edit posts or pages, for instance
12:36 AM DD32
MarkJaquith: That's the only case i see against it.. in fact, integrating
with other sites/setups is the only time you'd use a role+cap or multiple
roles ideally..
12:36 AM photomatt
as far as I can tell role-scoper is the most popular role plugin, and #657
overall
12:36 AM ddebernardy
and that's like.. a must have, based on the role/caps tickets
12:36 AM MarkJaquith
DD32: I'm not talking about multiple roles on one blog. Multiple roles on
multiple blogs. One role per blog.
12:36 AM photomatt
MarkJaquith: good point, so in usermeta it should say
12:37 AM
*stay
12:37 AM MarkJaquith
photomatt: but as role in plaintext only.
12:37 AM photomatt
yep
12:37 AM ddebernardy
ok, let me get this right
12:37 AM photomatt
I've always liked the approach of capabilities as a big array, which
anyone could filter
12:37 AM DD32
MarkJaquith: Ah yeah slight mis-understanding there.. But yeah ok that
makes sense
12:37 AM photomatt
rather than being stored in the DB as primary store after installation
12:38 AM
there's nothing in the code we can rely on any role existing, iirc
12:38 AM MarkJaquith
photomatt: you can still do that. Most of the sites I create, I hardcode
roles using pre_option_* filters
12:39 AM ddebernardy
photomatt - see the performance/optimization tickets
12:39 AM
and a few template tickets
12:39 AM photomatt
yeah but when you do that you're making assumptions -- we do the same on
wp.com
12:39 AM MarkJaquith
What assumptions?
12:39 AM ddebernardy
there are a few that relate to not being able to query users having a cap
12:40 AM photomatt
ddebernardy: I'm familiar with the problem. if you'd like me to look at a
specific ticket, please link it
12:40 AM MarkJaquith
ddebernardy: it's roundly agreed that cap-to-user is needed. I've been
honking that horn for over three years.
12:40 AM Viper007Bond has joined the channel.
12:40 AM ddebernardy
#2787
12:40 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/2787 normal, normal,
Future Release, markjaquith->jacobsantos, new, New Method of storing and
calculating cap2user and user2cap
12:40 AM ddebernardy
#2531
12:40 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/2531 normal, normal,
Future Release, markjaquith->jacobsantos, new, Functions for registering
additional capabilities and getting a list of all capabilities
12:40 AM clioweb has left IRC ()
12:40 AM photomatt
MarkJaquith: that nothing has modified in the DB. usually when I use a
pre_option hook it feels like a hack
12:40 AM ddebernardy
#5942
12:40 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/5942 normal, normal,
Future Release, tellyworth->, new, Add Owner role
12:40 AM ddebernardy
#5255
12:40 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/5255 normal, normal,
Future Release, markjaquith->jacobsantos, new, Simplify role/capability
for easier cap => user lookups
12:40 AM ddebernardy
#5540
12:41 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/5540 normal, normal,
Future Release, tellyworth->jacobsantos, new, User roles overhaul
12:41 AM ddebernardy
#5541
12:41 AM photomatt
ddebernardy: no need for a ticket flood, feel free to filter
12:41 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/5541 normal, normal,
Future Release, tellyworth->jacobsantos, new, Refactor and simplify
WP_Roles
12:41 AM MarkJaquith
photomatt: I think of it as a hedge against silly users updating things
they shouldn't be.
12:41 AM photomatt
otherwise it's annoying
12:41 AM ddebernardy
need more? :-)
12:42 AM
sorry ;-)
12:42 AM photomatt
was the role system from owen? I don't remember that
12:42 AM ddebernardy
I think so, yeah
12:43 AM MarkJaquith
yes. as with the original role manager plugin.
12:43 AM photomatt
this is a pretty good summary of how I still feel 3 years later:
http://core.trac.wordpress.org/ticket/2531#comment:10
12:44 AM MarkJaquith
He over-engineered it.
12:44 AM ddebernardy
MarkJaquith - agreed, that is totally needed in my experience of role
management as well
12:44 AM
photomatt - agreed, but only on one front
12:45 AM
that caps can be managed as a serialized array
12:45 AM
roles, however, should not
12:45 AM MarkJaquith
photomatt: my only objection to that remains that people adding new roles
have to store them somewhere.
12:45 AM ddebernardy
if you want to allow the viewing of this or that post by members of this
or that product, then you need a table
12:45 AM MarkJaquith
So why not have a canonical storage location?
12:46 AM photomatt
the pivot point to me is whether we want them to be editable in core
12:47 AM ddebernardy
and even then, the current setup introduces performance issues related to
fetch all users with this or that cap, in wp
12:47 AM MarkJaquith
Without any editing, I agree. Hardcode that sucker and use IDs.
12:47 AM photomatt
if not, then new plugins with new roles would just filter the array and
add them, or a "role manager" plugin would override the array with
something pulled from the DB, in however it wants to store it
12:47 AM jeffr0
editable as in checkboxes and drop down menus?
12:48 AM ddebernardy
jeffr0 - yes
12:48 AM MarkJaquith
photomatt: upgrade issues sort of box us in on that... unless we want to
break people's custom roles.
12:48 AM photomatt
ddebernardy: since that's not core functionality, a plugin having a new
table to optimize for its use case is totally fine
12:49 AM
that's why I suggested it in alex's patch on #5540
12:49 AM wp-trac-bot
photomatt: http://core.trac.wordpress.org/ticket/5540 normal, normal,
Future Release, tellyworth->jacobsantos, new, User roles overhaul
12:49 AM ddebernardy
photomatt - I'm fine with the idea, as long as it's clear-cut and clearly
defined as wontfix for the remaining tickets in WP :-)
12:50 AM
your statement prompts me to close like... about 20 or so performance
related tickets as wontfix
12:50 AM photomatt
the closest it gets to core is in MU, which has to jump through hoops to
get the users of a blog
12:50 AM
ddebernardy: don't jump the gun, it's a discussion
12:50 AM ddebernardy
photomatt - that's interesting
12:50 AM
define users of a blog
12:50 AM
it's all users with edit cap, no?
12:51 AM
if so, you're making my point (for 4-5 extra tables) exactly
12:51 AM JamesCollins has joined the channel.
12:51 AM MarkJaquith
it's all users with a role on that blog.
12:51 AM photomatt
any role
12:52 AM ddebernardy
so that's only a two tables -- roles, user2role
12:52 AM
role could be defined in the db, and that's no biggy
12:52 AM
until we need to fetch users with a specific cap
12:52 AM
if we need that, we also need role2cap and user2cap
12:52 AM
so two extra
12:52 AM photomatt
ddebernardy: it's being done now without additional tables, and has been
for years
12:52 AM
it's just annoying
12:53 AM DD32
fetch specific: Thats simpler to just do an array filter, get the list of
roles, query users based on roles
12:53 AM ddebernardy
yaya, I realize, but it could scale a lot better with the extra tables
(and indexes)
12:53 AM DD32
scale past what? 10 roles and 50 caps?
12:53 AM ddebernardy
I'm not managing wp.com though, only you have the gory details ;-)
12:53 AM photomatt
the key in scaling is usually caching, not as much normalized data storage
12:54 AM ddebernardy
dd32: on a mu install such as wp.com we're talking hundreds of thousands
of actual users
12:55 AM
photomatt - not so, even with memcached on you won't get past the
bottleneck that goes, fetch all users, foreach users that has this cap add
to array
12:55 AM DD32
ddebernardy: Yes, Which is why you'd optimize user fetching on roles, but
actual cap -> user would be done as a PHP cap-> roles, then a SQL of roles
-> users. Still scales very well for thousands of users if the user->role
part is optimized
12:55 AM MarkJaquith
ddebernardy: that's not how you'd do it...
12:55 AM
figure out which roles have the cap. Easy, done in PHP, very fast.
12:56 AM
With roles in hand, do one query on usermeta.
12:57 AM ddebernardy
MarkJaquith - until you've users who have several roles
12:58 AM MarkJaquith
ddebernardy: I was proposing dropping multi-role.
12:58 AM ddebernardy
and even then, if you've a user who has caps on top of roles, your query
is erroneous ;-)
12:58 AM MarkJaquith
And I was proposing dropping caps on tops of roles.
12:58 AM
wp_user_role => 'editor'
12:58 AM ddebernardy
I'm fine with both ideas and will be happy to contribute the patch, as
long as it's a clear-cut decision
12:59 AM rboren
All customization done through roles. One role per user.
12:59 AM ddebernardy
as long as we can get all of those performance tickets closed I'm happy
12:59 AM rboren
Has the benefit of simplicity. Most priv systems are confusing as hell.
12:59 AM aaroncampbell
I need to go, but I agree with MarkJaquith ...drop the multiple roles per
user, drop the added caps (make new roles instead), and keep it relatively
simple (IMO)
12:59 AM ddebernardy
rboren - they sure are
1:00 AM DD32
and multi-blog systems would still be clear-cut, as the role for the other
blogs would be different meta rows..
1:00 AM ddebernardy
ok
1:00 AM
so are we all agreeing with dropping multi-roles and user caps?
1:00 AM rboren
Seems like.
1:00 AM ddebernardy
photomatt?
1:01 AM photomatt
rboren: I like that
1:01 AM ddebernardy
ok
1:01 AM
let's do that
1:01 AM rboren
Makes code and queries much simpler. And UI could be pretty simple too.
1:01 AM DD32
Before making a rush to close all those tickets though, Just think it over
and open a new ticket based on that idea, see the reaction, and then close
the non-needed stuff.....?
1:01 AM photomatt
MU is handled by the prefix
1:01 AM
DD32: makes sense
1:01 AM rboren
DD32: Mark and I have a ticket where we debated this very thing somewhere.
1:01 AM photomatt
rboren: what would the compatibility implications be?
1:02 AM rboren
For stock WP, no problem. For those who use role manager, could be some
headaches.
1:02 AM MarkJaquith
I really think it can be handled in upgrade.
1:02 AM rboren
Might need something to translate multiple roles + caps into new roles.
1:02 AM MarkJaquith
rboren: yep.
1:03 AM
If a role doesn't exist with those exact GRANT capabilities, we create
one.
1:03 AM photomatt
do any plugins enable multiple roles?
1:03 AM
on a single blog
1:03 AM ddebernardy
#10201
1:03 AM MarkJaquith
I've never seen it.
1:03 AM wp-trac-bot
ddebernardy: http://core.trac.wordpress.org/ticket/10201 normal, normal,
2.9, Denis-de-Bernardy->, new, Switch roles to use single role, and no
user-specific caps
1:03 AM rboren
Haven't looked at role manager forever. Is it even maintained any more?
1:03 AM MarkJaquith
rboren: by someone else, I believe.
1:04 AM ddebernardy
rboren - it is, but not very well
1:04 AM
photomatt - yes, membership plugins
1:04 AM DD32
Alright, 9am, better get to work. - Someone save a chanlog and post it up
later please? (If theres anything else further said)
1:04 AM ddebernardy
we're absolutely guaranteed to break all of the poorly written ones if we
implement this
1:05 AM rboren
Off to the airport. Dropping off the wife. Later all.
1:05 AM ruslany has joined the channel.
1:05 AM ddebernardy
by poorly written ones, I'm meaning those that are sub-optimal from a db
performance standpoint
1:06 AM
DD32: will add a big copy of the discussion in 10201
1:06 AM jeffr0
heh
1:06 AM ddebernardy
I actually like this idea
1:07 AM
it means membership plugins need to manage their own multi-role tables
1:07 AM
and that is good
1:07 AM
because roles and memberships are different animals
1:07 AM MarkJaquith
Yay. Three years and I finally got consensus on this! :-D
1:07 AM ddebernardy
:-)
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10201#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software