WordPress started in 2003 with a single bit of code to enhance the typography of everyday writing and with fewer users than you can count on your fingers and toes. Since then it has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day.
WordPress started out simple. Designed for authors and writers and powered by ease of use and quality, poetic code that quickly gained it popularity with bloggers, especially those that wanted to host their own projects. It has, over the last ~10 years evolved in many ways, complexity included. Since its inception, the official direction of WordPress (as much as any piece of open source software can be officially directed) has without a doubt been in the direction of customization – with the user at the controls. Since its initial 1.0 release, WordPress has added many user-focused features such as plugins, themeing, custom menus, custom post types, widgets and just about everything else we now have come to love and expect from WordPress – including a permissions system.
A permissions system that has encountered a good deal of heated debate recently.
I personally believe that WordPress is first and foremost a blogging platform — one that for a long time has had a large focus on user extensibility and customization. Therefore, because it is a blogging platform, I think it is ridiculous to suggest that WordPress should directly implement a more complex permissions scheme that would allow for multiple role per user management, among other things, when the existing system works quite well for most people. (And by most people, I estimate from the arguments I have seen that that is a figure above 90% of users).
Simplicity is key, and because the existing system does work so well for most people, and is in fact very simple, it should remain as the default system. However, because of the immense popularity that WordPress has achieved, it is no longer just a blogging platform, but is blurring the lines into become a full fledged CMS – something that in many cases requires a more complex permissions system.
So how do you go about pleasing both crowds?
My suggestion is simple, plugins. When a group of users needs a feature, but is not a majority of users, they usually turn to a plugin to provide the required functionality. So its settled then, right? Lets just build a plugin.
Because as of the time of writing, WordPress lacks any of the actions, filters or functions that would be required to make such a plugin integrate well, be simple, and just generally poetic. Currently, a plugin that desired to do this would have to create a separate user role management page — and either remove the stock WordPress user account management page that contains the role selector, or simply hope that users didn’t accidentally go to the role manager and choose a role — wiping out all other configured roles. Both aspects of this solution lack the simplicity for which WordPress is known. Or of course, a major overhaul could be done that would require extensive hacking to make this work.
In addition, most people’s recommendation for when a person needs such functionality is to check out the excellent Role Scoper plugin. However, because of the sheer confusion that this plugin causes due to its huge amount of features, for many installations it is simply too much of a headache when people do not need or want that extent of finely tuned control.
I also feel that it is important I address the issue of demand for such a feature. As Andrew Nacin pointed out, the function to add more than one role to a user account had been broken for several versions (Pre WP 3.0), and not one person had commented on it or made a ticket about it. And that’s a valid point — this is a feature that WordPress has builtin, and nobody is using it. So why have it? Well, I think that we would see people start using this feature if only there was a good way. See, most people aren’t programmers. So when they need more functionality they look for a plugin to do the job for them. So go ahead, look it up on WordPress.org, plugins that allow multiple roles per user. (Again, ignoring Role Scoper.) Didn’t find any? I thought so. This is because, as I’ve mentioned, there’s really no good way of actually implementing a user front-end to this function.
In addition, when considering content management systems, most people will breeze right past WordPress without even considering it. Saying, “Well that’s a blogging platform, why would we want that?” I personally believe that WordPress is an amazing piece of software, and that with a small number of plugins it also becomes a good content management system (minus of course the current role issue.) So I think that, in addition to pleasing the small number of bloggers that require this functionality, WordPress is already poised to get in on the CMS crowd as a good, free, open source solution — it just needs better role management.
I have created a Trac ticket (#17924) that adds the actions and filters that I feel would be required for WordPress to implement this. Do I think that this is a final step? No, I think that the roles and capabilities system needs a major overhaul, and one that would probably have to wait until a major revision to happen due to the sheer amount of work that would need to be done.
I’ll explain my views on the changes needed in the WordPress administration backend more in another post, but my point here is that there’s a solution on the table. If you like my way of looking at it and more importantly, fixing it, head on over to the Trac ticket and weigh in on the issue. Or you can always feel free to weigh in here on my blog if you aren’t comfortable in the Trac — say perhaps your not a programmer, but you want this feature.
In addition, I do have a plugin ready for release if the changes in my Trac ticket are committed that would create the functionality I’ve been talking about – easy multiple role per user management.
Either way, pro or con, let me know what you think!
I’ve uploaded a copy of the WordPress source that is diffed with the patches I’ve submitted to the WordPress Trac along with the v0.1 of my multi role per user plugin. If you need this functionality right away, feel free to download this and use it — but if you do an update from WordPress and my changes haven’t been officially incorporated you will lose this feature and will need to re-upload my changes. Please note: you will need to unzip the multi role per user plugin into your plugins folder and activate it to work. (Using the WordPress source files in the wp-3.3.2-multi-role-diffed.zip file).
If you would like to diff the WordPress source yourself, grab a copy of 3.3.2 from WordPress.org and my diffs at the Trac ticket (#17924). You’ll need my plugin below to see any changes.