[wp-testers] User Level revisited (after a year)
Owen Winkler
ringmaster at midnightcircus.com
Thu Dec 1 14:50:37 GMT 2005
Andy Skelton wrote:
> WP roles are broadly sufficient, aptly named, highly effective and
> easily managed. If you want more functionality, you can write a plugin
> or commission one. The only possible weakness of the roles system is
> an insufficiency of API hooks.
On this point I agree wholeheartedly.
There needs to be a filter in the WP_User class to let plugins adjust
capabilities of a user after caps from roles are cached. This would
make it even simpler to institute any hierarchical schemes via a plugin.
When I'm done with this email, I'll see about a ticket and patch.
> Well, there is the possibility of misplaced trust (promoting a
> malicious or underskilled person) but that's not WP's fault, is it?
> :-)
That is an excellent point, one that deserves more review.
Here is a sample scenario using the current default permissions:
Alice does not have the publish_posts capability. Alice writes a post
and submits it to Bob, her editor, for review and publication. Bob
reviews the post, and in accordance with their editorial policy, removes
Alice's bias toward BrandX products. Bob subsequently publishes the post.
Alice, who has been granted edit_published_posts capabilities under the
recent WP code update, can now edit that published post, re-inserting
the brand bias and possibly adding any number of bad things that
absolute editorial review would have prevented.
That is what the current workflow allows. I grant that a majority of
bloggers don't care about this workflow, since most sites are small and
self-edited. But remember that even small seemingly innocuous changes
such as this one can have greater effects than expected.
Personally, this change is great for me, since it means that larger blog
sites will need to change their caps to enable true editorial review,
and even with a Role Manager plugin in place, they're still going to
need to pay someone to figure out how their site should be configured.
So yeah, that suits me fine.
Owen
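
One way to close the gap in the Alice and Bob scenario above, as an added example that is not part of this email or of WordPress core. It assumes a current WordPress install, where the `user_has_cap` filter runs inside `WP_User::has_cap()` after role capabilities have been merged; the plugin name and the `erl_` prefix are hypothetical.

```php
<?php
/*
 * Plugin Name: Editorial Review Lock (added example, hypothetical plugin)
 * Description: Users who cannot publish posts cannot edit posts once published.
 */

// Refuse direct requests that bypass WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// Runs on every capability check, after caps from roles are merged.
add_filter( 'user_has_cap', 'erl_lock_published_posts', 10, 3 );

/**
 * Deny edit_published_posts to any user who lacks publish_posts.
 *
 * @param array $allcaps Capabilities the user holds (cap name => bool).
 * @param array $caps    Primitive capabilities required for this check.
 * @param array $args    Requested capability, user ID, optional object ID.
 * @return array Possibly reduced capability set.
 */
function erl_lock_published_posts( $allcaps, $caps, $args ) {
	// Only act when this check actually depends on editing a published post.
	// Meta capabilities such as edit_post have already been mapped to
	// primitives by the time this filter runs.
	if ( ! in_array( 'edit_published_posts', $caps, true ) ) {
		return $allcaps;
	}

	// Users trusted to publish (Bob, the editor) keep the capability.
	if ( ! empty( $allcaps['publish_posts'] ) ) {
		return $allcaps;
	}

	// Alice: may write and submit, but cannot reopen what Bob published.
	$allcaps['edit_published_posts'] = false;

	return $allcaps;
}
```

Because the filter changes only the computed capability set for each check, the stored role definitions stay as they are, and deactivating the plugin restores the default behaviour.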