[All plugins] Do not use minimum user role

I noticed a while back, and got reminded with the new analytics feature in WPMU Dashboard, that WPMUDEV tends to use 'Minimum roles' instead of allowing to choose multiple roles.

I create a copy of the Administrator role for my clients to use, only so I can give them full access but still restrict certain things in WordPress (especially using Adminimize)

Therefore, choosing a minimum role does not help me, since my client and I technically have the same access in a sense.

      • Tony G
        • Mr. LetsFixTheWorld

        We can't compel "the entire WordPress developer community" to do anything ... but we can ask one developer at a time to consider a reasonable change to one plugin at a time.

        Capabilities have been around a long time but for some reason too many people aren't using them. My guess is that they think it's a hassle to create a capability which then needs to be assigned to a role, where it's easier to just display existing roles. But then all of us at some point hit the same lament as the OP here where we don't want to give functionality to everyone who is in a specific role.

        So perhaps WPMU DEV can take an industry leadership role ( :loudspeaker: Marketing! ) while simultaneously responding to what's now a recognized issue with all of their plugins.

        Here's another idea ... Rather than the plugin itself determining which role gets to perform a function, add hooks for authorization. So if I want people of specific roles, capabilities, countries, bathing habits, or shoe size to do something, I'll code a little function to define that, and simply pass back a true/false. (Stay tuned, we might see this one...)

        • Nathan
          • Getting there

          Believe me I understand exactly what you mean.

          Even when I want to modify capabilities for a user role it is sometimes impossible. Not all plugins even use capabilities, or they share capabilities. I hate that a lot of (Custom plugin) Post types share the same Post type capabilities. Each plugin should have their own unique capabilities.

          [Edit] However I still prefer user roles. I do not want to assign capabilities for each individual user, nor would a client.

          • Tony G
            • Mr. LetsFixTheWorld

            Agreed on using roles, but we assign capabilities to roles and then roles to people...

            And as I noted in that other linked comment, Dev is often using the manage_options capability to determine authorization, not even the administrator role - so I was surprised to see this thread focused on the minimum role. The implication - if someone has authority to manage WP options then that's credentials enough to use this plugin.

            I could call that lazy coding but I tend to think of it more like what most of us developers do with error handling, configuration files, documentation, variable initialization, logging, and some other helpful features. We often write the base code first and then add that stuff later. What many devs do is they just want to get the code into the field, see if it sticks, and then if it's worth it come back for some of this stuff - though in practice that coming back to it part rarely happens. Personally I don't subscribe to that model, but (on topic here) it's not "wrong". It's just a worldview that frequently leads to the kinds of notes that we see in these forums. For some devs/companies, the perceived consequences of that model are minimal compared to the benefits of getting to market faster. It's tough to argue with that.
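
The two ideas raised in this thread, a plugin-specific capability instead of a minimum role or `manage_options`, and an authorization hook that returns true/false, sketched as an added example that is not part of any post above and is not WPMU DEV code. The capability name, the filter name, the menu slug and the `client_admin` role are hypothetical.

```php
<?php
// Added illustration, not WPMU DEV code. The capability and filter names
// and the 'client_admin' role are hypothetical.
const MYPLUGIN_CAP = 'myplugin_view_analytics';

// On activation, grant the plugin's own capability to administrators only.
// Site owners can then add it to, or withhold it from, any other role.
register_activation_hook( __FILE__, function () {
    $role = get_role( 'administrator' );
    if ( $role ) {
        $role->add_cap( MYPLUGIN_CAP );
    }
} );

// Single decision point: the dedicated capability first, then a filter that
// lets site code apply its own policy on top of it.
function myplugin_user_can_view_analytics( $user_id = 0 ) {
    $user_id = $user_id ? (int) $user_id : get_current_user_id();
    $allowed = $user_id && user_can( $user_id, MYPLUGIN_CAP );
    // Fail closed: anything other than a literal true from the filter denies.
    return true === apply_filters( 'myplugin_can_view_analytics', $allowed, $user_id );
}

// Register the admin page against the capability and re-check in the callback.
add_action( 'admin_menu', function () {
    add_menu_page( 'Analytics', 'Analytics', MYPLUGIN_CAP, 'myplugin-analytics', function () {
        if ( ! myplugin_user_can_view_analytics() ) {
            wp_die( 'You are not allowed to view this page.', '', array( 'response' => 403 ) );
        }
        echo '<div class="wrap"><h1>Analytics</h1></div>';
    } );
} );

// Site-specific policy, e.g. in a mu-plugin: deny a cloned client role even
// when that role holds the capability.
add_filter( 'myplugin_can_view_analytics', function ( $allowed, $user_id ) {
    $user = get_userdata( $user_id );
    if ( $user && in_array( 'client_admin', (array) $user->roles, true ) ) {
        return false;
    }
    return $allowed;
}, 10, 2 );
```

Because the menu page is registered against the capability, WordPress hides and blocks it for users who lack the capability before the filter runs, so the filter in this sketch can only narrow access to the page, not widen it.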
