[wp-trac] [WordPress Trac] #10201: Switch roles to use single role, and no user-specific caps

WordPress Trac wp-trac at lists.automattic.com
Fri Feb 18 22:59:51 UTC 2011 

#10201: Switch roles to use single role, and no user-specific caps
-------------------------------+-----------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:
     Type:  enhancement        |      Status:  assigned
 Priority:  normal             |   Milestone:  Future Release
Component:  Role/Capability    |     Version:  2.8
 Severity:  normal             |  Resolution:
 Keywords:  early              |
-------------------------------+-----------------------------
Changes (by ryan_b):

 * cc: ryan_b (added)


Comment:

 what if instead of doing away with user specific capabilities, we did away
 with roles.  I mean since when does it make sense to link a user to an
 arbitrary grouping (ie role) that just links to the actual capabilities.
 Best I can tell this was done for simplicity, most average user's want to
 make a user an editor, not make a user who has capabilities a, b, c, 1, 2,
 3, x, y, and z if you know what I mean.  That is all fine and good and I
 can understand that.  But who says you have to link the user to a role.
 Picture this, you add a new table let's call it usercaps (yes, you could
 use usermeta for this but it'll probably be cleaner to do this is a
 different table) that will link users to caps, with an arbitrary auto
 incremented number to act as primary key, the scheme would be like this:

 ID (pk) = 1[[BR]]
 User ID = 1[[BR]]
 Capability = manage_options

 ect...this can be done either way, select * from usercaps where User ID =
 1 and Capability = manage_options to see if the user has the cap, select
 UserID from usercaps where Capability = manage_options to see who has
 manage_options, or select Capability from usercaps where User ID = 1 to
 see what caps user 1 has.

 Now what about the general user, we want to keep simple things simple
 while remaining flexible is the key, you we will still have something
 called roles, it will be much like a template of capabilities to give the
 user, the net effect cleanner in the db, keeps the simple role system for
 the general user, but it's flexible for those power users.

 Now for the power users, there would be an API that a plugin could utilize
 to replace the role selector with a direct capability selector so now each
 user can have their own distinct set of capabilities, if needed.  This
 would be done via Plugin API with a plugin only for those requiring
 something more flexible than just the basic roles.

 This way you change out your old V6 roles/capabilities engine with a more
 powerful v8, while keeping things simple for the average user but
 remaining flexible for advanced users giving them more power if they need
 it (hey that's a good analogy, I'll have to remember that one, lol).

 I mentioned this in wp-hacker's this question was raised: but if you would
 want to add a capability to a role, you don't know which user has which
 role.
 so you would have to do this for every user.

 Which was a fair point, my response to that was there are really two
 options, option one is you could determain the current role by caps, ie if
 they can manage_options you know they are an admin, if not check a cap
 first avalible at the next level, or introduce a role specific cap (bring
 back levels for instance).

 The other option, perhaps what may work best, is to still store the role
 in user meta, this way you can still display in the admin panel the
 specific role for a given user like today, it keeps things very familiar
 to the user.  Also for those using the full capability editor which would
 be accessed either by plugin or setting an option somewhere, you could
 still let then choose roles, then customize them further, then if they are
 not using the exact role setup but a customized set of capabilities you
 could give them two options:

 1. A textbox to name the "role" which would just describe the capability
 set, this would be stored in therole meta value.

 2. Optionally they could save it as a role that can be assigned to other
 users, letting them easily mirror those exact permissions to other users,
 maybe give them the option to check a box and the role name, and
 capabilities would be stored is a setting as a serialized array, soley for
 prepopulating capabilities for other users in the future.

 So what do you think of this method, i'm always interested in feedback.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10201#comment:61>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list