[wp-hackers] User Permissions system overhaul

Peter Westwood peter.westwood at ftwr.co.uk
Sat Jun 11 15:01:50 GMT 2005



On Sat, June 11, 2005 2:39 pm, David House said:
> I've been thinking about how WordPress manages user levels recently,
> and I think at the moment there's certainly room for improvement.
> Here are my ideas:
>
> * As per Gabriel White's expert review [1], replace user level numbers
> with names. At the moment, I'd have no idea at all what level 1, 2 or
> 3 meant without the codex handy. Going to 'user level 1', 'user level
> 2', 'author level 1' and so on at least gives me a better idea of what
> each level is meant to represent.
> * An advanced configuration panel for each user where I can select
> (with checkboxes) exactly what this user is and isn't allowed to do.
>
> In terms of implementation for the second point, I think adding a
> (user_permissions text) field to wp_users, which is a space-separated
> list of permissions (e.g. 'write-page', 'edit-categories'). We could
> then strpos() on this field to see if a user had a specific
> permission. I suggest doing it this way because otherwise we'd find
> the wp_users table bloated with columns, and every time a new bit of
> the admin interface was added, everyone would have to modify the
> structure of their DB.
>
> Any thoughts on this?
>

My two pence.

In general this doesn't sound very user-friendly to me!

Too much configurability like this can make it very hard for the naive user.
It also becomes very unwieldy and hard to understand who has what permissions.

I would have thought that a better system would be to define a set of classes of user
e.g.
  Commenter, Author, Editor, Admin (There may be others I haven't thought of)

Where each type of user has specific functionality and they stack up nicely so that each user type gets the abilities
of the lower user types.  We could then have some plugin hooks to allow plugins to be developed to provide any finer
grained control that an end user might require - e.g. authors being tied to particular categories.

I do agree that you should not have to go to the codex to understand what abilities a particular level of user will
have - except maybe for the finer details.

I think it is important to strike a balance between understandability and fine-grained control - if we want
fine-grained control then maybe we need to add the idea of user groups to WordPress and it is the group rather than
the individual user that has the type of fine-grained control that David is suggesting.

westi
- --
Peter Westwood
Blog: http://www.ftwr.co.uk/blog/
Get Firefox: http://www.spreadfirefox.com/?q=affiliates&id=20287

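An added illustration (not WordPress code and not from either poster) of the two designs in this thread: David's space-separated `user_permissions` text column tested with `strpos()`, and Peter's stacked user classes. It assumes the column and class names used in the thread; the ability names other than `write-page` and `edit-categories`, and the sample row, are constructed.

```php
<?php
// Added illustration, not WordPress code. Models David's user_permissions
// text column checked with strpos(), and Peter's stacked user classes.
// Sample data is constructed; ability names beyond the thread's are hypothetical.

// Check as proposed in the thread: substring match on the text column.
function has_permission_strpos(string $user_permissions, string $perm): bool {
    return strpos($user_permissions, $perm) !== false;
}

// Exact-token check: split the column on whitespace and compare whole tokens,
// so a request for 'write-page' is not satisfied by a stored 'write-pages'.
function has_permission_exact(string $user_permissions, string $perm): bool {
    $tokens = preg_split('/\s+/', trim($user_permissions), -1, PREG_SPLIT_NO_EMPTY);
    return in_array($perm, $tokens, true);
}

// Stacked classes: each class has its own abilities plus those of every
// lower class. Class names are Peter's; the ability lists are hypothetical.
const USER_CLASSES = ['Commenter', 'Author', 'Editor', 'Admin'];
const CLASS_ABILITIES = [
    'Commenter' => ['comment'],
    'Author'    => ['write-post'],
    'Editor'    => ['edit-posts', 'edit-categories'],
    'Admin'     => ['manage-users'],
];

function abilities_for(string $class): array {
    $rank = array_search($class, USER_CLASSES, true);
    if ($rank === false) {
        return [];  // unknown class grants nothing
    }
    $granted = [];
    foreach (array_slice(USER_CLASSES, 0, $rank + 1) as $lower) {
        $granted = array_merge($granted, CLASS_ABILITIES[$lower]);
    }
    return $granted;
}

function class_can(string $class, string $ability): bool {
    return in_array($ability, abilities_for($class), true);
}

// Constructed sample row: this user was granted 'write-pages', never 'write-page'.
$user_permissions = 'write-pages edit-categories';
has_permission_strpos($user_permissions, 'write-page'); // prefix of 'write-pages' matches
has_permission_exact($user_permissions, 'write-page');  // no such whole token
class_can('Editor', 'write-post');                      // inherited from Author
class_can('Author', 'edit-categories');                 // Editor-only, not granted
```

The substring check grants an ability the stored list never named; any list-in-a-string scheme needs the whole-token comparison, or a separate permissions table, to avoid that.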
