[wp-trac] [WordPress Trac] #39174: Introduce network roles
WordPress Trac
noreply at wordpress.org
Thu Dec 8 02:00:46 UTC 2016
#39174: Introduce network roles
-----------------------------+-----------------------------
Reporter: flixos90 | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version:
Severity: normal | Keywords:
Focuses: multisite |
-----------------------------+-----------------------------
We have been discussing introducing network roles during multisite office-
hours several times. The original concept for roles on
multisite/multinetwork was the following:
''Site Administrator < Network Administrator (currently also called "Super
Admin") < Global Administrator < Super Admin (special access via
`$super_admins` global, has all capabilities automatically)''
This ticket is about network roles in particular, but we need to figure
out the entire concept we'll be going with beforehand.
After the initial discussions which happened several weeks ago, I started
playing around with that idea and created a plugin with network roles
which is available at https://github.com/felixarntz/wp-network-roles. The
details on that plugin are described in this Google doc (and are probably
worth reading to understand the following discussion better):
https://docs.google.com/document/d/1MWwwKmhBJookr5dEcYga4sBtCwvx-K8uSucBFx6SP9U/edit#
I just had a long conversation with @johnbillion around this topic where
we agreed on some ideas, disagreed on others, were entirely unsure about
others. The following bullet points sum up what we talked about / which
questions we raised.
* The original idea of network roles was that these roles behave similarly
to regular site roles: They all have a set of capabilities they can
perform. These capabilities can apply to either the site or network level.
This allows for roles like the current "Super Admin" / "Network
Administrator" that has access to everything a site administrator has, but
also to any network admin functionality - however it also allows for roles
like a possible "Network Editor" which would be the same as if a user had
the "Editor" role on every site of the network.
* Should we support both of these concepts? Or should network roles
only affect the actual network admin area? If the latter, which roles
would we even need in Core itself (in addition to the "Super Admin" /
"Network Administrator")? This decision would also affect whether we
should support inheritance of network capabilities to site capabilities or
whether network roles would just be an additional kind of role for a user.
An example to clarify:
* First approach: The "Super Admin" / "Network Administrator" has
all the capabilities a regular site administrator has, plus the network
admin area capabilities (like `manage_network` or
`manage_network_options`), so they automatically behave as if they were a
site administrator on every site in the network.
* Second approach: The "Super Admin" / "Network Administrator"
role only has network admin area capabilities (like `manage_network` or
`manage_network_options`), so the user also needs to have the site
administrator role for each site they want to access. (probably not?)
* If we support inheritance, can we handle the two kinds of roles
together? A "Network Administrator" that has access to the network admin
area is conceptually a bit different from a "Network Editor" who can only
access all site admin areas on that network. If we find solid descriptive
names, we're probably good here. For example, instead of having a "Network
Administrator" being the role where one can access the network admin and
at the same point be an administrator on all the network's sites, maybe
that role should rather be called "Network Manager", while "Network
Administrator" is a different role which basically means that user is an
administrator on all the network's sites, but cannot access the network
admin area.
* We would certainly need to handle that in a slow migration path: If
we introduce a network role system with a predefined set of capabilities
in let's say 4.8, we write a dev-note at the same time that tells plugin
authors that they now need to add their custom capabilities to the new
network role because that role no longer automatically can do anything. At
this point however we still keep the current super admin functionality in
sync so that the role actually still can do anything. We wait until 2-3
releases later to actually remove the sync thing, which means we get rid
of the `site_admin` network option and from that point on use
`is_super_admin()` and `get_super_admins()` only to retrieve users
specified in the `$super_admins` global.
* Is this the right approach at all? Currently the "Super Admin" /
"Network Administrator" can do "anything but..." rather than having a
predefined set of capabilities. While we can address that with a migration
as described above, we still need to think about whether it _is_ the
right way to do it. Maybe we need a concept like "Role X can do anything
under certain circumstances unless specifically denied".
* How should we handle Multisite / Multinetwork? Multisite is the "easy"
thing here - for all of the changes here we need to consider Multinetwork
especially, even though it is not really supported by Core at this point.
* What do we think a "Super Admin" is? Is that a network administrator
with specific capabilities, is it kind of a global administrator or is it
a special thing that can do anything, thus not having a predefined set of
capabilities? Core itself doesn't really know what a super admin is at
this point. In most setups it is a network administrator / network manager
as it's stored in a network option. But if you use the `$super_admins`
global, it suddenly turns into some kind of a global administrator. Which
of the two are we going to stick with for that terminology?
* Can we rename the term "Super Admin" at all (in terms of BC)? It would
probably become either "Network Administrator" or "Network Manager"
depending on the approach. If we can't rename it and keep the name for the
"network administrator" role, how are we going to handle the higher role
level?
This will likely become a feature project, but this ticket is for more
discussion beforehand.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39174>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
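
The two approaches from the ticket, modeled as a capability check so the difference in access scope is visible. This is an added example, not part of the original ticket and not code from WordPress core or the wp-network-roles plugin. The role tables, user arrays and `user_can_on_site()` are hypothetical; `manage_network`, `manage_network_options` and `$super_admins` are the names used in the ticket.

```php
<?php
// Constructed model: not WordPress core and not the wp-network-roles plugin.
// The role tables, sample users and user_can_on_site() are hypothetical.

const SITE_ROLES = [
    'administrator' => ['manage_options', 'edit_posts'],
    'editor'        => ['edit_posts'],
];
// First approach: a network role also acts as a site role on every site.
const INHERITING = [
    'network_administrator' => ['caps' => ['manage_network', 'manage_network_options'], 'site_role' => 'administrator'],
    'network_editor'        => ['caps' => [], 'site_role' => 'editor'],
];
// Second approach: network roles grant network admin capabilities only.
const NETWORK_ONLY = [
    'network_administrator' => ['caps' => ['manage_network', 'manage_network_options'], 'site_role' => null],
];

$super_admins = ['root']; // constructed value; users listed here pass every check

function user_can_on_site(array $user, string $cap, int $site_id, array $network_roles): bool {
    global $super_admins;
    if (in_array($user['login'], $super_admins, true)) {
        return true;
    }
    // Explicit per-site role assignment.
    $site_role = $user['site_roles'][$site_id] ?? null;
    if ($site_role !== null && in_array($cap, SITE_ROLES[$site_role] ?? [], true)) {
        return true;
    }
    // Network role: its own caps, plus the inherited site role if the model has one.
    $role = $network_roles[$user['network_role'] ?? ''] ?? null;
    if ($role === null) {
        return false;
    }
    $inherited = $role['site_role'] !== null ? SITE_ROLES[$role['site_role']] : [];
    return in_array($cap, array_merge($role['caps'], $inherited), true);
}

// Constructed sample users.
$alice = ['login' => 'alice', 'network_role' => 'network_administrator', 'site_roles' => []];
$bob   = ['login' => 'bob', 'network_role' => 'network_editor', 'site_roles' => [2 => 'administrator']];

foreach (['first approach' => INHERITING, 'second approach' => NETWORK_ONLY] as $label => $roles) {
    foreach ([[$alice, 'manage_network', 5], [$alice, 'manage_options', 5], [$bob, 'edit_posts', 5]] as [$u, $cap, $site]) {
        printf("%s: %s %s on site %d -> %s\n", $label, $u['login'], $cap, $site,
            var_export(user_can_on_site($u, $cap, $site, $roles), true));
    }
}
```

Under the first table a single network role assignment implies site-level access on every site in the network, while under the second the same user keeps only the network admin capabilities until a per-site role is granted.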