[wp-hackers] User Permissions system overhaul

David House dmhouse at gmail.com
Sat Jun 11 13:39:19 GMT 2005

I've been thinking about how WordPress manages user levels recently,
and I think at the moment there's certainly room for improvement.
Here's my ideas:

* As per Gabriel White's expert review [1], replace user level numbers
with names. At the moment, I'd have no idea at all what level 1, 2 or
3 meant without the codex handy. Going to 'user level 1', 'user level
2', 'author level 1' and so on at least gives me a better idea of what
each level is meant to represent.
* An advanced configuration panel for each user where I can select
(with checkboxes) exactly what this user is and isn't allowed to do.

In terms of implementation for the second point, I think adding a
(user_permissions text) field to wp_users, which is a space-seperated
list of permissions (e.g. 'write-page', 'edit-categories'). We could
then strpos() on this field to see if a user had a specific
permission. I suggest doing it this way because otherwise we'd find
the wp_users table bloated with columns, and every time a new bit of
the admin interface was added, everyone would have to modify the
structure of their DB.

Any thoughts on this?

[1]: http://www.gabrielwhite.com/wordpress/
-David House, dmhouse at gmail.com, http://xmouse.ithium.net

More information about the wp-hackers mailing list