[wp-trac] [WordPress Trac] #36939: Role groups

Wed May 25 02:17:48 UTC 2016

#36939: Role groups
-----------------------------+-----------------------------
 Reporter:  johnjamesjacoby  |      Owner:
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:
 Severity:  normal           |   Keywords:  2nd-opinion
  Focuses:                   |
-----------------------------+-----------------------------
 WordPress's roles & capabilities API has support for allowing users to
 have multiple roles, and recent improvements to the Users list table have
 helped improve the administrator experience a bit by showing all roles
 rather than just the first one for each user.

 I think what makes multiple user-roles confusing (or maybe less valuable)
 is that WordPress by itself does not directly benefit from allowing users
 to have multiple roles, because the existing roles are designed to blanket
 all of WordPress's bundled functionality.

 I'd like to propose the introduction of Role Groups, as a layer that lives
 one layer above the main `WP_Roles` object to allow for groups of roles to
 be registered, enabling for users to have at least 1 role from each role
 group.

 ----

 For example:

 * You install bbPress, and Bob cannot publish posts but can moderate the
 forums
 * You install WooCommerce, and Jane can contribute posts to the blog, and
 can also buy items from the store
 * You install BuddyPress, and while Chris can administrate posts, pages,
 and media, he cannot moderate the community

 In the above scenarios, each of these plugins would register their own
 role groups, and any user could easily have 1 role for each "section" of
 the same 1 WordPress site.

 ----

 How could WordPress core use this?

 * Create a role group for Posts, Pages, Media, Comments, and Users
 * Ones ability to Edit posts should not assume they can moderate comments
 * Ones ability to moderate comments should not assume they can publish
 posts
 * Ones ability to upload media & attachments should not assume they can
 publish pages
 * Ones ability to edit an existing user should not assume they can upload
 media

 ----

 How does this complicate things?

 Depending on how deeply this is implemented, potentially greatly, or not
 at all for vanilla WordPress installations.

 * If we keep WordPress's built-in roles identical to how they are today,
 they become 1 role group that grants access to Posts, Pages, Media,
 Comments, and Users; then plugins can define their own role groups, and we
 make sure WordPress has an adequate interface for assigning multiple roles
 for each user.
 * If we separate WordPress's roles into groups for each object type,
 backwards compatibility is a huge issue, as well as how confusing does it
 make granting access and assigning default roles for each group.
 * We may be able to remove the "Default Role" setting UI entirely, and
 leave it to plugins to reopen this functionality for improved support for
 multiple roles.

 ----

 What do we do now?

 Let's talk this through, decide if it's worthwhile, and maybe work towards
 something viable. Much of this can happen without much (if any)
 modification to WordPress core. Worst case, we uncover more areas of
 WordPress that can be improved to support multiple roles per user, and
 address those in separate tickets. Best case, we make the existing roles &
 capabilities API more plugin-friendly.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36939>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform