User:Glutnix/Advanced User Permissions System Proposal

As the founder/administrator of a collaborative blog with over 15 users (since the b2 0.60 days), I would definitely benefit from an improved user permissions system.

For example, currently I can't have users who can add links but are unable to edit categories. I have to have users who can edit categories but can't edit links, or users who can do both.

I've described below what I think would be a really useful and extensible permissions system that beginners and power users alike could use. It's definitely a big vision, but I hope that WP developers will share the vision.

Who this document is for

I've created this wiki page to inspire the WordPress Developers into creating something powerful.

Why this proposal is complicated

I've gone into quite a bit of detail, and maybe I'm shooting for the moon a bit, but this is how I think it should work behind the scenes. The final product could be simpler than this, but it should definitely not be any more complicated than this.

I understand that the majority of WordPress users won't need this level of control, which is why I'm pushing for an Expert Mode option that would hide the majority of the features, leaving only a bare minimum of Roles to assign to users. Those who needed it could enable Expert Mode, revealing all the advanced roles and advanced tasks that can be assigned and granted.

Terms

Tasks

A particular action that a user who holds permission for it can perform, e.g. Publish a Post. Could be provided by the WP Core, or a plugin.
  • A user's permission to a task should always ENABLE them to perform that task, never PREVENT them from doing one. Preventing is what a user's lack of permission to a task does.

Role

A preset group of granted permissions to tasks that, when assigned to a user, allows the user to perform the tasks.
  • Some roles, such as Administrator, Registered User and Guest are provided by the Core, and are editable by a user manager, but cannot be deleted.
  • Users can have more than one role.
  • User Managers can also create, manage, and delete custom roles.
  • Some custom roles will be provided upon installation.
  • A plugin should be able to create a role.
  • Each Role should have a master "Enabled" switch, which will turn that role on and off, and as such, users with a disabled role do not gain the permissions that role would normally grant.

Expert Mode Role

These are non-standard user roles that will remain hidden until the general option "Expert Mode" is turned on.

Task Category

A grouping of different tasks into categories. Some sample categories could be: Administration, Posts, Comments, Pages, Links, Uploading. These groupings would be provided by the core and plugins.

Example Roles

These are some roles I thought of that would be smart to implement. I've included as many tasks as I could think of, but I probably haven't unpacked WP enough to get all of them. I've also tried to consider good default roles for users.


System Roles

These roles are unremovable, but editable.

Administrator

All permissions will be locked to ON.

  • Can do everything
  • Can manage plugins
  • Can edit plugin files
  • Can change blog-wide options
  • Can grant (and revoke) roles to users
  • Can manage user roles

Registered User

  • Can leave comments
  • Can edit own unpublished comments (?)
  • Can edit their own comments (?) //Added by Matteo

Guest

  • Can leave comments

Suggested Default Roles

Editor

  • Can create drafts
  • Can edit any draft
  • Can publish any draft
  • Can edit any published post
  • Can manage Categories
  • Can leave unmoderated comments [provided by spam plugin?]
  • Can edit any page

Author

  • Can create drafts
  • Can edit own drafts
  • Can publish own drafts
  • Can edit own published posts
  • Can edit own pages
  • Can leave un-moderated comments [provided by spam plugin?]
  • Edited published posts show as [Edited].

Contributor

  • Can create drafts
  • Can edit own drafts (ie cannot edit own published posts)
  • Can revert own published posts to drafts

Expert Roles

These are potential non-standard user roles that will remain hidden until the option "Expert Mode" is turned on.

Sysop

  • Can grant (and revoke) roles to users who don't have this power.
  • Can edit theme files

Moderator

  • Can edit comments on all published posts
  • Can mark comments as Spam [provided by plugin]
  • Can unmark comments as Spam [provided by plugin]

File Uploader

  • Can upload files

Link Manager

  • Can create links
  • Can edit links

Spam Manager

As an example, this role would be provided by a spam plugin (maybe SK3 ;) )

  • Can manage Blacklist [provided by plugin]
  • Can manage Whitelist [provided by plugin]

Notes

  • Where a task says the word "edit", that also includes the ability to delete (unless whoever implements this decides that they want to keep these tasks separate).
  • Instead of having the option "Users must be registered and logged in to comment", just disable the guest role. Heck, you could make the former option an alias to the latter, or even better, an alias to the "can leave comments" permission on the Guest role.
  • I'd imagine a role editing page would list the different roles, have the "Expert Mode" checkbox somewhere on it. Expert mode would reveal the edit column and add buttons.
  • Editing a particular role would show the different task categories and tasks in several columns with checkboxes.
  • Turning off Expert Mode would either:
    • Revoke all Expert Mode roles from users that had them, or
    • Disable all Expert Mode roles and not show them when granting/revoking roles to users.
  • A view that would display users and all the roles they had in a table with users down the left and roles along the top.
  • A view that would group users by role -- this would be useful if the number of roles got out of hand -- think Restrict User to Category Plugins.
  • Heck, you might even want to be able to group roles into categories...
  • To grant/revoke roles to users, you would have this on an "edit user permissions" page somewhere:
 [disabled][x] Registered User   (ie, they will always get this role)
           [ ] ...
           [ ] ...
           [ ] other roles
  • The Guest account wouldn't appear in this list, because they just graduated from that.
    • Maybe all users could inherit Guest as well as Registered User... ?
  • The Administrator role will not appear in this list, because that's just a blatant security risk.
  • You would also need to have "Newly Registered User" as a system-provided user, just like Admin. This user would not be able to log in at all, but would rather serve as a template of roles that newly registered users would get by default.
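The model described under Terms (tasks that only ever grant, roles as presets with a master Enabled switch, users holding several roles, system roles that can't be deleted) and the Notes above (the second way of turning Expert Mode off, and the roles that never appear on the grant page) can be tried out in a few dozen lines. The following is an added example written for this page, not code from the proposal or from WordPress; the class, method and task names are assumptions, and the roles and user at the bottom are constructed demo data.

```php
<?php
// Added example (not from the proposal or WordPress core): a minimal model of the
// proposed Task / Role / User scheme. Class, method and task names are assumptions.

final class Role
{
    public string $name;
    public bool $enabled = true;   // the master "Enabled" switch from the Role definition
    public bool $expert;           // Expert Mode role: disabled and hidden while Expert Mode is off
    public bool $system;           // editable but never deletable (Administrator, Registered User, Guest)
    /** @var array<string,true> granted task ids; '*' means every task (Administrator) */
    private array $tasks = [];

    public function __construct(string $name, array $tasks, bool $expert = false, bool $system = false)
    {
        $this->name = $name;
        $this->expert = $expert;
        $this->system = $system;
        foreach ($tasks as $task) {
            $this->tasks[$task] = true;
        }
    }

    // A role only ever GRANTS tasks: there is no "deny" entry to store, so an
    // unticked box in the role editor means the role says nothing about that task.
    public function grants(string $task): bool
    {
        return $this->enabled && (isset($this->tasks['*']) || isset($this->tasks[$task]));
    }
}

final class PermissionSystem
{
    /** @var array<string,Role> */
    private array $roles = [];
    /** @var array<string,string[]> user login => names of roles granted to that user */
    private array $assignments = [];
    private bool $expertMode = false;

    public function addRole(Role $role): void { $this->roles[$role->name] = $role; }

    public function deleteRole(string $name): void
    {
        if (!isset($this->roles[$name])) throw new InvalidArgumentException("Unknown role '$name'");
        if ($this->roles[$name]->system) throw new LogicException("System role '$name' cannot be deleted");
        unset($this->roles[$name]);
        foreach ($this->assignments as $user => $names) {   // drop it from every user as well
            $this->assignments[$user] = array_values(array_diff($names, [$name]));
        }
    }

    public function assign(string $user, string ...$roleNames): void
    {
        foreach ($roleNames as $name) {
            if (!isset($this->roles[$name])) throw new InvalidArgumentException("Unknown role '$name'");
        }
        $current = $this->assignments[$user] ?? [];
        $this->assignments[$user] = array_values(array_unique(array_merge($current, $roleNames)));
    }

    // Every logged-in user implicitly holds Registered User (the locked checkbox in the
    // mock-up). A user may do a task if at least one ENABLED role grants it; the only
    // way to be denied is for no role to grant it.
    public function can(string $user, string $task): bool
    {
        $names = array_merge(['Registered User'], $this->assignments[$user] ?? []);
        foreach ($names as $name) {
            if (isset($this->roles[$name]) && $this->roles[$name]->grants($task)) return true;
        }
        return false;
    }

    // Second option from the Notes: turning Expert Mode off leaves expert roles assigned
    // but disables them, so users gain nothing from them until it is switched on again.
    public function setExpertMode(bool $on): void
    {
        $this->expertMode = $on;
        foreach ($this->roles as $role) {
            if ($role->expert) $role->enabled = $on;
        }
    }

    // Roles offered on the "edit user permissions" page: Guest and Administrator are
    // never listed, and expert roles only appear while Expert Mode is on.
    public function grantableRoles(): array
    {
        $out = [];
        foreach ($this->roles as $role) {
            if ($role->name === 'Administrator' || $role->name === 'Guest') continue;
            if ($role->expert && !$this->expertMode) continue;
            $out[] = $role->name;
        }
        return $out;
    }
}

// Constructed demo data, not from the proposal.
$ps = new PermissionSystem();
$ps->addRole(new Role('Administrator', ['*'], false, true));
$ps->addRole(new Role('Registered User', ['comments.leave'], false, true));
$ps->addRole(new Role('Guest', ['comments.leave'], false, true));
$ps->addRole(new Role('Author', ['posts.create_draft', 'posts.edit_own', 'posts.publish_own']));
$ps->addRole(new Role('Link Manager', ['links.create', 'links.edit'], true));

$ps->setExpertMode(true);
$ps->assign('brett', 'Author', 'Link Manager');
var_dump($ps->can('brett', 'links.edit'));         // Link Manager is enabled and grants it
var_dump($ps->can('brett', 'categories.manage'));  // no role grants it, so the user is denied
$ps->setExpertMode(false);                         // Link Manager is now disabled
var_dump($ps->can('brett', 'links.edit'));
print_r($ps->grantableRoles());                    // expert roles no longer offered for granting
```

The point worth noticing is in can(): permissions are the union of what the user's enabled roles grant, and a disabled role contributes nothing. That is what makes "disable all Expert Mode roles" a safe way to turn Expert Mode off: nothing has to be revoked and re-granted, and a role can't be used as a way of removing a task that another role grants.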

Backwards Compatibility

How would we port users at different WP 1.5 user levels to different user groups?

  • Creating "1.5 User Level n" roles with equivalent permissions on upgrade. It's an option, but not ideal.
  • "All users with levels between n and n have these roles: ..., ..., ..."
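The second option, a table of level ranges each granting a set of roles, is easy to get subtly wrong on upgrade: a gap leaves users with no roles, an overlap can hand out Administrator to people who shouldn't have it. The following added example (written for this page, not the proposal's or WordPress's own upgrade code) checks the table for both problems before migrating a user list. The level ranges and the roles in the table are an assumed sample; the real mapping would be whatever the implementer chooses.

```php
<?php
// Added example (not from the proposal or WordPress core): migrating WordPress 1.5
// user levels (0-10) onto roles of the proposed system. The ranges and role names in
// the table are an assumed sample, not WordPress's real upgrade mapping.

// Each row: [lowest level, highest level, roles granted to every user in that range].
const LEVEL_ROLE_MAP = [
    [10, 10, ['Administrator']],
    [5, 9,  ['Editor', 'File Uploader', 'Link Manager']],
    [2, 4,  ['Author', 'File Uploader']],
    [1, 1,  ['Contributor']],
    [0, 0,  []],                       // level 0: only the implicit Registered User role
];

// Refuse to migrate with a table that has gaps or overlaps: a gap would silently leave
// users with no roles, an overlap could grant Administrator by accident.
function validateLevelMap(array $map): void
{
    $covered = [];
    foreach ($map as [$min, $max, $roles]) {
        if ($min > $max) throw new LogicException("Bad range $min-$max");
        for ($l = $min; $l <= $max; $l++) {
            if (isset($covered[$l])) throw new LogicException("Level $l mapped twice");
            $covered[$l] = true;
        }
    }
    for ($l = 0; $l <= 10; $l++) {
        if (!isset($covered[$l])) throw new LogicException("Level $l not mapped");
    }
}

function rolesForLevel(int $level, array $map = LEVEL_ROLE_MAP): array
{
    foreach ($map as [$min, $max, $roles]) {
        if ($level >= $min && $level <= $max) return $roles;
    }
    throw new InvalidArgumentException("Unknown user level $level");
}

/** @param array<string,int> $users login => 1.5 user_level; returns login => role names */
function migrateUsers(array $users, array $map = LEVEL_ROLE_MAP): array
{
    validateLevelMap($map);
    $out = [];
    foreach ($users as $login => $level) {
        $out[$login] = rolesForLevel($level, $map);
    }
    return $out;
}

// Constructed sample user table, not real data.
print_r(migrateUsers(['admin' => 10, 'alice' => 7, 'bob' => 2, 'carol' => 1, 'dave' => 0]));
```

Running the validation before touching any user rows means a mistyped range fails the whole upgrade loudly instead of leaving a few accounts with too many or too few roles.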