[wp-hackers] Capabilities as a taxonomy

Mike Schinkel mikeschinkel at newclarity.net
Sat Jan 23 22:03:43 UTC 2010


On Jan 22, 2010, at 11:48 AM, Otto wrote:
> The main cases I see are:
> "does user A have capability X?"

Clearly. 

> "what roles does user A have?"
> "what capabilities does role R have?"

For clarity, when is that needed other than on a hypothetical admin page for managing roles?

> Given this, I'd probably make the roles into usermeta fields (_role?),
> and make the capabilities into terms in a taxonomy, linking them to
> role names. User has role AAA, and a taxonomy exists with AAA or
> something as the name of it. Terms like "can_edit_posts" and similar
> are related to that role.

If you are doing to do that, shouldn't it be "role_AAA" instead of just "AAA?"  If not you'll more easily see name clashes for names with different contexts.

On Jan 22, 2010, at 12:48 PM, Jordi Canals wrote:
> Maintaining this plugin, the most asked question and the feature most
> requested from MU users had been to provide a way to disallow managing
> capabilities at blog level and to force them at site level. An option to
> allow that to site admins would be really a valuable setting.

+1

On Jan 22, 2010, at 3:12 PM, Moya, Eddie wrote:
> That makes some sense. I think if wordpress moved toward having more
> granulized capabilities (e.g. Different caps for widgets/themes, or further
> still, different caps for items/areas within a page), which it really should
> do, then a system where you treat caps like a taxonomy starts to make a lot
> of sense. 
> 
> However with regard to assigning multiple roles to a single user, Im not
> sure if I completely understand why that is necessary. It seems to me this
> would create complications in a large system. It could potentially lead to
> lots of unique sets of users with no single way to describe them.
> 
> For example, if you had a separate editors (e), writers (w), comment
> moderators (cm), etc,.. You might have a bunch of users who are (e + w), and
> then one or two who are w + cm and some who are e + w + cm.

Not allowing multiple roles to a single user could lead to a maintenance nightmare for admins those sites that don't want to have to duplicate the capabilities for a role in every combination with other roles, i.e. e+w, e+cm, e+w+cm, etc.

> While this doesn't seem all that problematic in the small scale, once you
> consider that a large site using wpmu might have thousands of users, on
> hundreds of blogs, with a good number of custom caps for plugins - it can be
> a user permissions nightmare.

While I don't see how that's really a problem, if it is the solution it to re-architect your permissions for the specific site not to be set up that way.  A plugin that allows role merging and renaming would solve your problem there. 

-Mike


More information about the wp-hackers mailing list