[wp-hackers] "commenter" user role

Mike Schinkel mikeschinkel at newclarity.net
Sat Mar 6 20:59:16 UTC 2010


On Mar 6, 2010, at 8:20 AM, John O'Nolan wrote:
> I'm sorry, didn't you just say:
> 
> "Seems weird behavior to me, but maybe I just don't understand the rationale."
> 
> But now you're giving multiple examples in context for the rationale? You either understand it or you don't. Don't call the issues that I raise "weird" and then go on to raise the exact same issues yourself.

Touche'.  I didn't see it at first because your example use cases seems arbitrary to me, i.e. John, John O'Nolan, JohnONolan. Then as I was thinking through different roles I recognized the use cases. I learn best when I'm defending an idea, not necessarily when looking at other's defenses. So sorry, my bad.  

> "Let's say I ran a company in the past and left a lot of comments using my gmail address but with my prior company's URL.  Now I've sold that company and started a new one; should the links on the old posts all change to be for my new URL?"
> 
> This is completely irrelevant. In this case you would be abusing the Wordpress comment form, and if the wrong company name showed up at some point then that's your own fault.
> The form does not say "Hey what company do you work for?" or "Hey please spam us cause you think it has SEO value" it says "Name" - like, your name - not that hard to understand.

It's not irrelevant and it would not be an abuse of the WordPress comment form; you are doing the same you just called me out for; not seeing the use case. At least in my defense I asked you if I was missing something. :-)

Here are some examples.  I used to run a company called VBxtras that sold software developer tools to Visual Basic developers.  I now am partners in a coworking space called Ignition Alley and executive director of a non-profit called Startup Atlanta. If I commented on a web post about Visual Basic development I might have left my name as "Mike Schinkel, President of VBxtras." Today when commenting on a post about coworking I might want my name to be "Mike Schinkel, Partner at Ignition Alley."  And when commenting on a post about startup issues I might want my name to be "Mike Schinkel, Executive Director of Startup Atlanta."  (of course the name fields sux for all that but how else to provide it? In the comment, maybe.)

And there's no real SEO value in any of those things I mention, it's not like I suggested my hyperlinked name be "Visual Basic Developer Tools" or "Atlanta Coworking" (for Startup Atlanta there are not obvious keywords for search traffic.)  It's about transparency on my part and wanting to provide people with appropriate context.  What's more, to help people change all their past names and URLs at once would help spammers to promote their latest scammy endeavor.

Which actually brings up a great point and that is it would be helpful to have optional company & role fields for comment forms so if someone wanted to identify themselves it would be possible. 

> We should not be catering to the issues of spammers. Yes, I'm sure there are a few legitimate cases where one might leave a company name in the "name" field, but we both know that 99% of the time it's done by spammers, not real people.

Agree. My point were not "issues for spammers" though. You assumed wrongly from my discussion just as I assumed wrongly from yours.


On Mar 6, 2010, at 11:59 AM, Otto wrote:
> Essentially by linking to the user table you're either wanting to a)
> not let comment authors be anonymous or b) wanting to pollute the
> users table with a bunch of fake unverified informations.

Or "c)", simply don't record anything in the wp_users tables for anonymous commenters since you don't have any data about them.

As you said about security it's not a binary thing; don't make it a false dichotomy.

> No, that doesn't really solve the problem of tons of crap in the users table.

But "c)" does.
> 
>> Just to clarify: open user registration would *not* be required for the
>> "commenter" role proposal to function.
> 
> Yes, it should be linked to that option, because by making users,
> you're implicitly giving the ability to log in to them.

Not if commenters are explicitly not allowed to log in when such an option is specified in the admin.

> If somebody
> can create an entry in the users table, then they have registered on
> the site. That's what registration *is*.

Then *redefine* what registration *is*, problem solved.

On Mar 6, 2010, at 1:00 PM, Jeff Waugh wrote:
>> I never liked the duplication that occurs: when a logged-in user leaves a
>> comment: his email, for example, is stored both in the wp_users table, and
>> the once more for each comment.
> 
> One advantage to this denormalisation (if we're being anal retentive about
> it)... historical accuracy.

I agree with that which is my point from earlier to John O'Nolan which he mistook to be advocating for spammers.  

Still, I  think moving commenters to wp_users tables is beneficial because it creates an explicit entity for a commenter vs. the current artifactual approach which allows metadata to be applied and UI to be created around commenters (vs. just around comments.)  

More uses: a site owner could adds notes about a commenter for future reference, and a site owner could elevate frequent trusted commenters to have specialized rights on the site (to moderate comments, maybe, or create posts that must be approved by the site owner) and everything they do could be tied back to their user record and thus potentially displayed on their user page.  I'm assuming these added functionalities would come from plugins, but to empower these to work together across plugins you really need a record in the database for each commenter that is canon.

-Mike


More information about the wp-hackers mailing list