WordPress started in 2003 with a single bit of code to enhance the typography of everyday writing and with fewer users than you can count on your fingers and toes. Since then it has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day.

WordPress started out simple. Designed for authors and writers and powered by ease of use and quality, poetic code that quickly gained it popularity with bloggers, especially those that wanted to host their own projects. It has, over the last ~10 years evolved in many ways, complexity included. Since its inception, the official direction of WordPress (as much as any piece of open source software can be officially directed) has without a doubt been in the direction of customization – with the user at the controls. Since its initial 1.0 release, WordPress has added many user-focused features such as plugins, themeing, custom menus, custom post types, widgets and just about everything else we now have come to love and expect from WordPress – including a permissions system.

A permissions system that has encountered a good deal of heated debate recently.

I personally believe that WordPress is first and foremost a blogging platform — one that for a long time has had a large focus on user extensibility and customization. Therefore, because it is a blogging platform, I think it is ridiculous to suggest that WordPress should directly implement a more complex permissions scheme that would allow for multiple role per user management, among other things, when the existing system works quite well for most people. (And by most people, I estimate from the arguments I have seen that that is a figure above 90% of users).

Simplicity is key, and because the existing system does work so well for most people, and is in fact very simple, it should remain as the default system. However, because of the immense popularity that WordPress has achieved, it is no longer just a blogging platform, but is blurring the lines into become a full fledged CMS – something that in many cases requires a more complex permissions system.

So how do you go about pleasing both crowds?

My suggestion is simple, plugins. When a group of users needs a feature, but is not a majority of users, they usually turn to a plugin to provide the required functionality. So its settled then, right? Lets just build a plugin.

Not quite.

Because as of the time of writing, WordPress lacks any of the actions, filters or functions that would be required to make such a plugin integrate well, be simple, and just generally poetic. Currently, a plugin that desired to do this would have to create a separate user role management page — and either remove the stock WordPress user account management page that contains the role selector, or simply hope that users didn’t accidentally go to the role manager and choose a role — wiping out all other configured roles. Both aspects of this solution lack the simplicity for which WordPress is known. Or of course, a major overhaul could be done that would require extensive hacking to make this work.

In addition, most people’s recommendation for when a person needs such functionality is to check out the excellent Role Scoper plugin. However, because of the sheer confusion that this plugin causes due to its huge amount of features, for many installations it is simply too much of a headache when people do not need or want that extent of finely tuned control.

The Demand

I also feel that it is important I address the issue of demand for such a feature. As Andrew Nacin pointed out, the function to add more than one role to a user account had been broken for several versions (Pre WP 3.0), and not one person had commented on it or made a ticket about it. And that’s a valid point — this is a feature that WordPress has builtin, and nobody is using it. So why have it? Well, I think that we would see people start using this feature if only there was a good way. See, most people aren’t programmers. So when they need more functionality they look for a plugin to do the job for them. So go ahead, look it up on WordPress.org, plugins that allow multiple roles per user. (Again, ignoring Role Scoper.) Didn’t find any? I thought so. This is because, as I’ve mentioned, there’s really no good way of actually implementing a user front-end to this function.

In addition, when considering content management systems, most people will breeze right past WordPress without even considering it. Saying, “Well that’s a blogging platform, why would we want that?” I personally believe that WordPress is an amazing piece of software, and that with a small number of plugins it also becomes a good content management system (minus of course the current role issue.) So I think that, in addition to pleasing the small number of bloggers that require this functionality, WordPress is already poised to get in on the CMS crowd as a good, free, open source solution — it just needs better role management.

My Solution

I have created a Trac ticket (#17924) that adds the actions and filters that I feel would be required for WordPress to implement this. Do I think that this is a final step? No, I think that the roles and capabilities system needs a major overhaul, and one that would probably have to wait until a major revision to happen due to the sheer amount of work that would need to be done.

I’ll explain my views on the changes needed in the WordPress administration backend more in another post, but my point here is that there’s a solution on the table. If you like my way of looking at it and more importantly, fixing it, head on over to the Trac ticket and weigh in on the issue. Or you can always feel free to weigh in here on my blog if you aren’t comfortable in the Trac — say perhaps your not a programmer, but you want this feature.

In addition, I do have a plugin ready for release if the changes in my Trac ticket are committed that would create the functionality I’ve been talking about – easy multiple role per user management.

Either way, pro or con, let me know what you think!

————UPDATE————

I’ve uploaded a copy of the WordPress source that is diffed with the patches I’ve submitted to the WordPress Trac along with the v0.1 of my multi role per user plugin. If you need this functionality right away, feel free to download this and use it — but if you do an update from WordPress and my changes haven’t been officially incorporated you will lose this feature and will need to re-upload my changes. Please note: you will need to unzip the multi role per user plugin into your plugins folder and activate it to work. (Using the WordPress source files in the wp-3.3.2-multi-role-diffed.zip file).

If you would like to diff the WordPress source yourself, grab a copy of 3.3.2 from WordPress.org and my diffs at the Trac ticket (#17924). You’ll need my plugin below to see any changes.

Comments
  1. I for one am happy you are trying to address this. I’ve been using WordPress on fairly complex sites, and I’ve bumped into a few issues – this role management issue being the latest. As it is now, I have to create roles that combine other roles, in numerous combinations.

    WordPress, with the appropriate plugins, is really close to being a full fledged CMS. It would be great to have two dashboards available. One to use WordPress as a blogging platform, and another to use it as a CMS.

    Anyhow, I hope things move forward eventually in the role management arena.

    Thanks!

    • Thanks for the feedback!

      I too have been struggling alot with this — one of my sites in particular requires it, so right now I’m running a WordPress install patched with the diffs I uploaded to the trac ticket.

      Actually, on second thought I’ll upload that WordPress install along with my v0.1 of the multiple role per user plugin here so that others that require this right away can use it… Although unfortunately every time you upgrade WordPress this will be wiped out unless my patch gets incorporated.

      Mike

  2. Hi Mike, tried your plug in (mb_multi_role_selector.zip) but got the following error :

    The plugin generated 357 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.

    thx

    • Thanks for the info! I’ll look into it. In the meantime, aside from the issues during activation, will it activate, and if so does it work?

      I just noticed that I had a “debug mode” variable in the code as I pulled it directly from my working copy without too much thought… IT is in debugging after all!

    • @obsidianz

      I’m having trouble reproducing this — although I found that I was forgetful and forgot to put a ?> at the end of the file ^.^

      Not sure if that would’ve caused it, but I’ve uploaded a new version of the plugin so let me know if that fixes it.

      Thanks!

  3. Hi Mike.
    thx for the new update, although i’m still having the error, the plugin got listed in active plugin list. But to be frank i’m not sure where should I check if it works. I looked at the dashboard, users,all users but there’s no changes there.It would be great if you could explain a bit on how to use it. thx.

    • Hi obsidianz,

      Have you installed the diffed version of WordPress (the file right above the role_selector plugin)? The plugin doesn’t work without this modified version (thus why I’m trying to get these changes officially incorporated).

      If you haven’t, then what you need to do is download the wp-3.2.1-multi-role-diffed.zip file, unzip it and take the wp-admin and wp-includes folders and copy them into the root of the WordPress directory. You will need to replace the existing files.

      If you feel more technical you can go to the trac ticket I linked in the main article and download the main diffs and see what the changes are.

      Hope this helps,
      Mike

  4. Hi Michael,
    thanks for pushing this issue with a trac ticket and your suggested diffs! I will try that out now.

    Would you know if those changes still work with WP 3.3? If not: have you got plans to update the code for 3.3?

    Happy New Year,
    Sascha

    • Hi Sascha, thank you! I’d like very much to see this new functionality. Unfortunately it’s been pretty long in coming, any rallying on the trac should hopefully help the cause though!

      At the moment I haven’t done any testing, unfortunately, doing the update wipes out the changes so none of my current sites have the plugin working as I just did the update. So if you want to try it I would definitely suggest not trying it on a production site.

      I think I’ll have time this week to do some testing, and potentially development. Either way I’ll update the trac with how I make out.

      Please do let me know how you make out if you decide to try!

  5. Hi Michael,
    I am getting the same error message as obsidians:

    The plugin generated 357 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.

    Just for your info really. I am not sure what the problem could be…..
    Sascha

  6. Hi Michael,

    This is a great idea. Have you had any traction with the “powers-that-be” at WordPress about the modification of the user roles?

    Question:

    How do drupal and Joomla handle this problem? Do they have more a sophisticated user role system in their CMS’s?

    • Hi Chris, sorry for the very late reply.

      I am starting to get a bit of traction, and it looks like we might be making a push to get it into WP 3.5. I have been and will be very busy this month as its exam time for me, but I hope to have the patch done either late this month or early may.

      As for Drupal and Joomla, I don’t know exactly. I’ve never used Drupal, but Joomla if I remember only had one role per user… Or if it did have multiple then I just never used it.

  7. Hi Mike,

    Thanks a lot for the patch and the plugin, this is just what I needed.
    Got the “The plugin generated n characters of unexpected output…” message, but otherwise everything seems to work like a charm.
    Thanks again! :)

    Cheers,
    Maciek

    • Your welcome Maciek! Glad I could help you, also when 3.4 comes out just repatch it using the latest one in the WordPress trac — as that should work for 3.4 as well. (It works for 3.4 RC1)

  8. Thank you for working on this project. I added my +1 to the trac ticket in hopes that they will take a serious look at it for 3.5. Fingers crossed on my end.

  9. Hi Michael,

    Is the 3.6 Alpha patch you have posted on trac actually in the 3.6 version of WordPress and has it been included in the beta 3.6 since from what I read on your trac discussion it didn’t make the 3.5 release due to timing in the release cycle?
    Great of you to have pushed this forward. Hope it is finally going to get included!

    Thanks,

    John

    • It appears that it has not in fact been added to the 3.6 Alpha…

      The problem with 3.5 was that the patch and the support the ticket received was too late to add something like this into a new version of WP, but it should’ve been fine for 3.6.

      I’m going to try and contact a few of the more influential people that weighed in on the Ticket and see if I can still get the ball rolling for 3.6. Fingers crossed!

      As it is anyone can still diff WP manually with the patch and run that on their site, but I understand how annoying and painful that is.

  10. Hi Michael,

    Thanks for the feedback. I’m prepared to try it out but I’m only currently running 3.5 sites. One not used so much and is also the one that I’d like to be able to give the same user(s) more than one role.
    Am I right from what you say in thinking that the 3.6 patch can be applied to a 3.5 install of WordPress or is it better to only try it on a 3.6 beta install?

    Thanks

    • You could _try_ it on a 3.5 version but the diff may not work. That said 3.5 should be pretty similar to 3.6a so there’s also a reasonable possibility it will. For that reason I’d definitely recommend trying it out in a test environment first as it could potentially break things.

      After applying the diff you’ll also need to download and install the plugin in the downloads section of this page to actually use multiple roles per user if the diff succeeds.

      Either way, let me know how you work out!

  11. OK thanks, I’ll give it a go, may try with the latest 3.6 wordpress nightly release and test som eof the plugins I use to see how they work along with your patch.
    I do hope they didn’t forgot about it in the 3.6 release cycle…

  12. I tried the 3.6 patch on the 3.6 beta and uploaded the mb_multi_role_selector plugin from this page (couldn’t find it on trac). I have 2 plugins that prevent access to content and set them to use the same user and both worked fine simultaneously together. This is a great piece of work and it will be a real shame if it isn’t added to the next releases of WordPress!

    I did this as an error:
    PHP Warning: Missing argument 1 for mb_multi_role_selector::get_admin_options(), called in /path_removed/www/wp-content/plugins/mb_multi_role_selector/mb_multi_role_selector.php on line 41 and defined in /path_removed/www/wp-content/plugins/mb_multi_role_selector/mb_multi_role_selector.php on line 60

    Thanks for sharing

    • Thanks for informing me of this, I’ll make sure to fix it and release an update. Does it appear on all pages or just when you enabled it?

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

By submitting a comment you are granting Michael Blouin a perpetual license to reproduce your words and name/web site in attribution. Inappropriate and irrelevant comments will be removed at my discretion.