[wp-hackers] User Permissions system overhaul

[Jeff Minard]

On Jun 11, 2005, at 6:39 AM, David House wrote:

> * As per Gabriel White's expert review [1], replace user level numbers
> with names. At the moment, I'd have no idea at all what level 1, 2 or
> 3 meant without the codex handy. Going to 'user level 1', 'user level
> 2', 'author level 1' and so on at least gives me a better idea of what
> each level is meant to represent.
> * An advanced configuration panel for each user where I can select
> (with checkboxes) exactly what this user is and isn't allowed to do.

Agreed on both points. In fact, I can't see how we'll avoid a user  
system overhaul as the package gets more popular. People are really  
starting to find a lot of good uses for WordPress as both a blog and  
as a CMS, and the user permissions area really holds it back as a CMS  
(IMHO).

I think that having a default set of "user groups" that correlate to  
the current 'levels' would be the best way to transition. However,  
this new user system would have an additional secondary nav called  
"User Group Permission". In that tab -- *should you want to * -- you  
could redefine what each user group did. In fact, you could even  
remove or add user groups.

This would allow for the easiest switch over (as it stays, by  
default, the same) while giving people that extra ability to  
customize the permissions. Additionally, it would be a hell of a lot  
easier to figure out exactly what "Author Level 0" can do compared to  
"Author Level 1" if the permissions are right there, and not buried  
in the code/codex.

Finally, the user editing page *definitely* needs some dropdown menus  
for changing user group -- and the ability to "mass change" (select  
multiple user group dropdowns at once). Having to click an author up  
and down is a nice idea, but it gets REALLY tiresome for more than 5  
users (and *no* phpMyAdmin is not an option.)

Jeff