Opened 13 years ago
Closed 10 years ago
#15636 closed defect (bug) (duplicate)
"New User Default Role" dropdown should order by privilege level
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.0.2 |
| Component: | Users | Keywords: | |
| Focuses: | | Cc: | |
Description
The New User Default Role dropdown at wp-admin/options-general.php is in spiffy random order:
- Subscriber
- Administrator
- Editor
- Author
- Contributor
This UI bug suggests that Subscriber and Contributor are the opposite poles of privilege levels. In fact, they are successive steps in increasing privilege. Also, it doesn't make sense to put the least and greatest privileges, Subscriber and Administrator, next to each other.
Please let proximity and position serve their purpose: order this dropdown by level of access, starting with the least access:
- Subscriber
- Contributor
- Author
- Editor
- Administrator
Attachments (2)
Change History (21)
#2
@
13 years ago
- Keywords ux-feedback added; security removed
- Type changed from defect (bug) to enhancement
#3
@
12 years ago
- Keywords ux-feedback removed
Why would we not offer all roles as an option? All roles should be offered.
Visual hierarchy would place those with the most access at the top, not the bottom. Subscriber should be the bottom choice. It is probably at the top b/c when it was coded originally the devs decided that would be the default role rather than forcing the admin to choose by making the default menu state "Select Role" or something.
#4
@
12 years ago
> Visual hierarchy would place those with the most access at the top, not the bottom. Subscriber should be the bottom choice. It is probably at the top b/c when it was coded originally the devs decided that would be the default role rather than forcing the admin to choose by making the default menu state "Select Role" or something.
Counterpoint: It's good to encourage use of least privilege roles. Whatever's at the top is more likely to be selected than whatever's at the bottom. Therefore, put least privilege roles at the top.
Also, while ordering has meaning, what is it being ordered on? If it's being ordered on preferred roles, then least privilege at the top is exactly what you want.
#5
@
12 years ago
- Milestone Future Release deleted
- Resolution set to invalid
- Status changed from new to closed
User roles are not hierarchical, therefore they cannot be ordered programmatically by "privilege level".
#6
@
12 years ago
- Resolution invalid deleted
- Status changed from closed to reopened
Hold on, there's no creative way around this problem? Default roles couldn't somehow be arbitrarily ordered in the presentation layer? I don't want to give up on this so easily. It's a poor practice for the UI to not distinguish between hierarchical security roles.
#7
@
12 years ago
- Keywords 2nd-opinion added
- Milestone set to Future Release
Sure, the default roles could be sorted by hand.
> hierarchical security roles
I have no idea what that means.
#8
@
12 years ago
By "hierarchical security roles", I mean there's a relationship between any 2 roles where role A contains all of role B's privileges and more. So you can set up a hierarchy of roles with progressive authority like A > B > C > D > E.
#9
@
12 years ago
Where do custom roles fit into all of this? What about custom capabilities? Or, when the capabilities have been changed for a particular role?
And, how do you decide if a capability is "higher" than another capability? Roles are just groups of capabilities, so the decision would have to be made on the capability layer.
#10
@
12 years ago
I figure the dropdown would show the delivered roles, in order, at the top. Then all custom roles would appear below?
#11
@
12 years ago
It's not a technical problem: custom roles could indeed be added at the bottom, and then a filter could be added, to allow plugins to re-order them as they please.
It's a cognitive problem: you assume roles are hierarchical, which is not necessarily true.
They were hierarchical when user levels were used and they still look hierarchical now, but they need not be, as greenshady said.
#12
@
12 years ago
Let's not get into semantics. Per http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table, there is an obvious hierarchy of permissions in the default roles, and you can order the roles so that for any role X, there is a role Y that has all of X's privileges and more.
#13
@
12 years ago
- Keywords 2nd-opinion removed
- Type changed from enhancement to defect (bug)
The core roles are hierarchical and wherever they are displayed, they should be ordered hierarchically.
Any other role, we cannot make such assumptions.
#16
@
11 years ago
We have a sample solution to the problem, but there is one controversial point. I apply the two patches.
- One with a generic sort: all roles are sorted by capability count (we could discuss this criterion, as we need some balance between productivity and end functionality).
- The second separates them by type (default, custom), then sorting by capabilities is applied: first to the default roles (which results in the order that we already know) and then to the custom ones.
The problem is that the function wp_dropdown_roles reorders them without the filter and places the default user role as the first option element in the select, which is probably done for backwards compatibility, where selected="selected" could work in another way than expected. What would be the best solution for that matter?
I wonder if we should hide Administrator by default. I wasn't aware we even offered all roles as an option.
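
Added example (not part of the ticket, its attached patches, or WordPress core): a stand-alone PHP sketch of the two orderings discussed in the thread, sorting by capability count and checking whether the result is a real hierarchy in the "A contains all of B's privileges" sense. The capability lists are abbreviated, constructed samples; the `settings_only` role and the function names `contains_all`, `sort_and_check` and `describe` are hypothetical.

```php
<?php
// Constructed sample: role => capabilities, abbreviated from the default
// WordPress roles and listed in the ticket's "random" dropdown order.
$core = [
    'subscriber'    => ['read'],
    'administrator' => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files',
                        'edit_others_posts', 'moderate_comments', 'manage_options', 'edit_users'],
    'editor'        => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files',
                        'edit_others_posts', 'moderate_comments'],
    'author'        => ['read', 'edit_posts', 'delete_posts', 'publish_posts', 'upload_files'],
    'contributor'   => ['read', 'edit_posts', 'delete_posts'],
];
// Hypothetical custom role: few capabilities, one of them administrative.
$custom = ['settings_only' => ['read', 'manage_options']];

// True when $big holds every capability in $small.
function contains_all(array $big, array $small): bool {
    return count(array_diff($small, $big)) === 0;
}

// Sort least-to-most by capability count, then test whether that order is a
// real hierarchy: each role must contain all capabilities of the one before.
function sort_and_check(array $roles): array {
    uasort($roles, fn($a, $b) => count($a) <=> count($b));
    $names = array_keys($roles);
    $is_chain = true;
    for ($i = 1; $i < count($names); $i++) {
        if (!contains_all($roles[$names[$i]], $roles[$names[$i - 1]])) {
            $is_chain = false; // neighbours are incomparable: count is misleading here
        }
    }
    return ['order' => $names, 'is_chain' => $is_chain];
}

function describe(string $label, array $result): string {
    $verdict = $result['is_chain'] ? 'true hierarchy' : 'count order only, NOT a hierarchy';
    return sprintf("%-14s %s (%s)\n", $label, implode(' < ', $result['order']), $verdict);
}

echo describe('core only:', sort_and_check($core));
echo describe('core + custom:', sort_and_check($core + $custom));

// Second approach from the thread: core roles in hierarchy order, custom after.
$dropdown = array_merge(sort_and_check($core)['order'], sort_and_check($custom)['order']);
echo 'dropdown:      ', implode(', ', $dropdown), "\n";
```

With this sample data the pure count sort places `settings_only` directly after Subscriber even though it holds `manage_options`, which is why position in a count-sorted list is only a reliable privilege signal for the core roles.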