[wp-hackers] User roles - GSOC proposal

Andrew Nacin wp at andrewnacin.com
Tue Mar 30 17:27:41 UTC 2010


On Mon, Mar 29, 2010 at 8:53 PM, Mike Schinkel
<mikeschinkel at newclarity.net> wrote:

> Thanks. I assumed by your comments that those capabilities might be going
> away.  Very cool, glad they are not.


I had said "user-specific +/- capabilities," so I understand the confusion.
The current system has three rarely used features, and I was referring to
the second and third I list here:

1. A user can have multiple roles (in the same blog).

     Ex: A user can be given the Editor and Administrator roles at once.
(Since all capabilities in the Editor role are also in the Administrator
role, then this would have no effect.)

2. A user can have capabilities assigned to them individually, in addition
to the capabilities they get through roles.

     Ex: A user with the Editor role can also be given the activate_plugins
capability.

3. A user can have capabilities removed from them, negating capabilities
they get through roles.

     Ex: A user with the Editor role can be stripped individually of the
unfiltered_html capability.

These three features of the roles/capability API are precisely what cause
scalability problems, particularly in the users API. Sure, they sound
useful, but how many people actually use them? Instead, this would be the
new system:

    1. The user with both the Administrator and Editor roles would just have
the Administrator role. If the Editor role had capabilities that the
Administrator role did not have, then the user would be assigned instead to
a third role with the merged capabilities of Administrator and Editor.

    2. A user with the Editor role plus activate_plugins would need to be
assigned to a new Super Editor role with the activate_plugins capability,
plus the capabilities that make up the Editor role.

    3. A user with the Editor role without the unfiltered_html capability
would need to be assigned to a new Filtered Editor role with the
capabilities that make up the Editor role, minus unfiltered_html.

Moving capabilities squarely to roles makes the entire system much more
scalable, and hence why it is desired.
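
Added example (not part of the original post, and not WordPress code): a small Python model of the three cases in the message above, computing a user's effective capabilities under the current system and mapping them to a single role as the proposed system would. The capability sets are constructed and abbreviated; the derived-role naming scheme and the rule that a denial overrides everything else are assumptions.

```python
import hashlib

# Constructed, abbreviated capability sets; not WordPress's full role definitions.
ROLES = {
    "administrator": frozenset({"edit_posts", "publish_posts", "unfiltered_html",
                                "activate_plugins", "manage_options"}),
    "editor": frozenset({"edit_posts", "publish_posts", "unfiltered_html"}),
}


def effective_caps(roles, grants=(), denials=(), table=ROLES):
    """Current model: union of all role capabilities, plus per-user grants,
    minus per-user denials. Assumption: a denial overrides everything else."""
    caps = set()
    for role in roles:
        caps |= table[role]
    return frozenset((caps | set(grants)) - set(denials))


def flatten(roles, grants=(), denials=(), table=ROLES):
    """Proposed model: map the user to exactly one role whose capability set
    equals their effective set, creating a derived role only if none matches.
    Returns (role_name, updated_table); the input table is not modified."""
    caps = effective_caps(roles, grants, denials, table)
    for name, role_caps in table.items():
        if role_caps == caps:
            return name, table
    # Hypothetical naming scheme: hash the sorted capabilities so every user
    # with the same effective set lands in the same derived role.
    digest = hashlib.sha256("\n".join(sorted(caps)).encode()).hexdigest()[:8]
    name = f"derived_{digest}"
    return name, {**table, name: caps}


if __name__ == "__main__":
    cases = {
        "admin + editor": (["administrator", "editor"], [], []),
        "editor + activate_plugins": (["editor"], ["activate_plugins"], []),
        "editor - unfiltered_html": (["editor"], [], ["unfiltered_html"]),
    }
    table = ROLES
    for label, (roles, grants, denials) in cases.items():
        name, table = flatten(roles, grants, denials, table)
        print(f"{label:28} -> {name}: {sorted(table[name])}")
```

Because a derived role is keyed by its capability set, the number of roles grows with the number of distinct effective sets in use, not with the number of users, and a permission audit only has to read the role table.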

