[wp-hackers] User roles - GSOC proposal
24-7 at gmx.net
Wed Mar 31 17:02:02 UTC 2010
> I do see why you want to go this route but I'd like to propose you consider and 3rd solution:
> Implement it the way you are thinking for performance but make it appear in the admin that there are distinct roles. Allow some roles to be *defined* roles and others to be *derived* roles.
> For example, let's assume we have ContentEditor and FilesModerator roles; both would be *defined* by the admin. In the UI the admin could assign both roles to a user but behind the scenes a *derived* role of "ContentEditor-FilesModerator" would be created using the combination of the two roles (though this role would never be shown > to the admin or to users.) When the admin later updates the capabilities of ContentEditor the ContentEditor-FilesModerator role is also updated behind the scenes.
> Simple for the end user and accomplishes the same performance goals you mention with the only downside it taking slightly longer to save a role when the role's capabilities are updated.
This is what i think, should really be considered: When someone
installs WP, he autom. get's an "admin"-account... with no
restrictions. So the only really "preconfigured" role we need is the
100%-"AAA"-admin(istrator). Looking at a lot of system that use WP as
a CMS and looking at all those discussions where "canonical plugins"
or "core plugins" (like comments) take place, i can see nothing that
holds us (the community) back from asking: Why do we have
preconfigured roles, when WP can take such an ammount of possible
So: We don't need anything more than a capability-system with a "All
CAPs"-role of admin. Plus: If we take this route and we consider a
way, where plugins could hook their capabilities into, we would have a
pretty flat, small and (perhaps clever?) system that could fit any
purpose from 1 to 10.000k-user and -role systems.
Why do we make everything so complicated and over-preconfigured? Is it
because we love traditions (for ex. posts-table instead of content-
More information about the wp-hackers