[wp-hackers] User roles - GSOC proposal

Andrew Nacin wp at andrewnacin.com
Mon Mar 29 04:07:15 UTC 2010

On Sun, Mar 28, 2010 at 9:51 PM, 24/7 <24-7 at gmx.net> wrote:

> Better user-management: +1
> Reworking the system: +1
> Category level permissions: +1
> Multiple Roles: +10!!

Roles per category is a non-starter, honestly, for the reasons outlined
below -- there are intentions to move in the opposite direction.
(Workaround: A custom post type has its own set of capabilities.)

So, currently:
 - users can have multiple roles
 - users can have multiple caps that override those of roles
 - for each user, we store the roles and caps as a serialized array in
 - to get all users who have a role or cap, we query all users in the DB,
load up their roles and capabilities, and filter out those that don't have
the role or cap

There aren't too many plugins that actually use multiple roles -- membership
or newsletter plugins is the main use case.

These two tickets should be studied closely:
http://core.trac.wordpress.org/ticket/10201, and
http://core.trac.wordpress.org/ticket/2531. The IRC log in #10201 in
particular (from summer 2009) was a conversation among at least four core
developers, and a consensus was reached.

The general (and admittedly controversial) idea for 3.1 would be the
 - users can have *one* role
 - users cannot have any user-specific caps
 - for each user, we store the role in usermeta (unserialized)
 - to get all users with a role or cap, we can query usermeta

(Just something to keep in mind, roles/capabilities are stored in usermeta *per
blog*, not per user. Hence, in a shared user table or multisite/MU setup,
the user still has a different role for each blog, even with #10201.)

More information about the wp-hackers mailing list