[wp-hackers] User roles - GSOC proposal
Andrew Nacin
wp at andrewnacin.com
Mon Mar 29 04:07:15 UTC 2010
On Sun, Mar 28, 2010 at 9:51 PM, 24/7 <24-7 at gmx.net> wrote:
> Better user-management: +1
> Reworking the system: +1
> Category level permissions: +1
> Multiple Roles: +10!!
>
Roles per category is a non-starter, honestly, for the reasons outlined
below -- there are intentions to move in the opposite direction.
(Workaround: A custom post type has its own set of capabilities.)
So, currently:
- users can have multiple roles
- users can have multiple caps that override those of roles
- for each user, we store the roles and caps as a serialized array in
usermeta
- to get all users who have a role or cap, we query all users in the DB,
load up their roles and capabilities, and filter out those that don't have
the role or cap
There aren't too many plugins that actually use multiple roles -- membership
or newsletter plugins is the main use case.
These two tickets should be studied closely:
http://core.trac.wordpress.org/ticket/10201, and
http://core.trac.wordpress.org/ticket/2531. The IRC log in #10201 in
particular (from summer 2009) was a conversation among at least four core
developers, and a consensus was reached.
The general (and admittedly controversial) idea for 3.1 would be the
following:
- users can have *one* role
- users cannot have any user-specific caps
- for each user, we store the role in usermeta (unserialized)
- to get all users with a role or cap, we can query usermeta
(Just something to keep in mind, roles/capabilities are stored in usermeta *per
blog*, not per user. Hence, in a shared user table or multisite/MU setup,
the user still has a different role for each blog, even with #10201.)
More information about the wp-hackers
mailing list