[wp-hackers] User Permissions system overhaul
Brett Taylor
brett at webfroot.co.nz
Mon Jun 13 06:46:12 GMT 2005
Denis de Bernardy wrote:
>>I would have thought that a better system would be to define
>>a set of classes of user e.g.
>> Commenter, Author, Editor, Admin (There may be others I
>>haven't thought of)
I think that's definitely a good set of default User Roles. As the
founder/administrator of a collaborative blog with over 15 users
(excluding admin), I would definitely benefit from something like this.
I would like to see the ability to assign a user more than one role, and
REALLY like to see the ability to add/update/remove permissions for
different tasks to new or existing roles.
For example:
======
Administrator: [system]
* Can do everything [system]
* Can manage plugins
* Can edit plugin files
* Can change blog-wide options
* Can manage All users
==
Editor:
* Can create drafts
* Can edit any draft
* Can publish any draft
* Can edit any published post
* Can manage Categories
* Can leave unmoderated comments [provided by spam plugin?]
Author:
* Can create drafts
* Can edit own drafts
* Can publish own drafts
* Can edit own published post
* Can leave unmoderated comments [provided by spam plugin?]
Contributor:
* Can create drafts
* Can edit own drafts (ie cannot edit own published posts)
==
Moderator: [advanced]
* Can edit comments on all published posts
* Can mark comments as Spam [provided by spam plugin?]
* Can unmark comments as Spam [provided by spam plugin?]
==
Registered User: [system]
* Can leave comments
* Can edit own comments (?)
==
Guest: [system]
* Can leave comments
==
Sysop: [advanced]
* Can manage All users
==
Theme Tweaker: [advanced]
* Can edit theme files
==
File Uploader: [advanced]
* Can upload files
==
Link Manager: [advanced]
* Can create links
* Can edit links
==
Spam Manager: [advanced] [provided by spam plugin?]
* Can manage Blacklist [provided by spam plugin?]
* Can manage Whitelist [provided by spam plugin?]
======
Where I say "edit" that also includes "delete".
Where I say [system] that means that you couldn't delete these roles,
but you could delete other roles.
Where I say [advanced] these are non-standard user roles that will
remain hidden until the option "Enable Advanced User Permissions
Management" is turned on.
Each Role should have a master "Enabled" switch, which will turn that
role on and off, and as such, users with a disabled role do not gain the
permissions that role would normally grant.
So, instead of having the option "Users must be registered and logged in
to comment", just disable the guest role. Heck, you could make the
former option an alias to the latter, or even better, an alias to the
"can leave comments" permission on the Guest role.
Also, you would need an option like:
* Newly registered users gain these roles:
[disabled][x] Registered User (ie, they will always get this role)
[ ] ...
[ ] ...
[ ] other roles
When editing roles, you would probably want to categorise the different
'user tasks' into 'user task categories': "Administration", "Posting",
"Commenting", "Links", "Uploading".
With respect to plugins, plugins should be able to add new 'user tasks',
new 'user task categories', and maybe even new default advanced roles.
.
.
.
Anyway, that's my vision for a truly extensible user permissions
overhaul. I believe if implemented correctly, WP's user system will
rival other CMSs. I hope you share this vision!
I'm putting a copy of this vision here:
http://codex.wordpress.org/User:Glutnix/Advanced_User_Permissions_System_Proposal
Wikis seem to help people think better... I've already revised half of
the content in this email there already.
--
Brett Taylor
- Webmaster
www.webfroot.co.nz
ICQ: 8473626 MSN: weednix at hotmail.com AIM: webfroot
JABBER: Glutnix at jabber.org.nz http://inner.geek.nz/
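
A minimal model of the scheme proposed in this message, as an added example that is not part of the original email and is not WordPress code: permissions are the union over a user's enabled roles, [system] roles cannot be deleted, and disabling Guest stands in for "Users must be registered and logged in to comment". Class names and permission strings are hypothetical, and it assumes PHP 8.

```php
<?php
// Added illustration; class names and permission strings are hypothetical.
final class Role {
    public function __construct(
        public string $name,
        public array $permissions,    // tasks this role grants
        public bool $system = false,  // [system]: role cannot be deleted
        public bool $enabled = true   // master "Enabled" switch
    ) {}
}

final class RoleRegistry {
    private array $roles = [];        // role name => Role
    public function add(Role $role): void { $this->roles[$role->name] = $role; }

    public function delete(string $name): void {
        if (($this->roles[$name] ?? null)?->system) {
            throw new LogicException("'$name' is a [system] role and cannot be deleted");
        }
        unset($this->roles[$name]);
    }

    public function setEnabled(string $name, bool $on): void {
        if (!isset($this->roles[$name])) {
            throw new InvalidArgumentException("Unknown role '$name'");
        }
        $this->roles[$name]->enabled = $on;
    }

    // Deny by default: grant only if an enabled, known role lists the permission.
    public function can(array $userRoles, string $permission): bool {
        foreach ($userRoles as $name) {
            $role = $this->roles[$name] ?? null;
            if ($role && $role->enabled && in_array($permission, $role->permissions, true)) {
                return true;
            }
        }
        return false;
    }
}

$reg = new RoleRegistry();
$reg->add(new Role('Guest', ['leave_comments'], system: true));
$reg->add(new Role('Registered User', ['leave_comments', 'edit_own_comments'], system: true));
$reg->add(new Role('Moderator', ['edit_all_comments', 'mark_spam', 'unmark_spam']));
$member = ['Registered User', 'Moderator'];   // constructed sample user with two roles
$reg->setEnabled('Guest', false);             // alias for "must be registered to comment"
var_dump($reg->can(['Guest'], 'leave_comments'), $reg->can($member, 'leave_comments'));
var_dump($reg->can($member, 'mark_spam'), $reg->can($member, 'manage_plugins'));
```

Because `can()` skips unknown and disabled role names rather than failing open, a role removed or switched off by an administrator stops granting access immediately, even if users still carry its name.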