Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom user roles for Learn WordPress #220

Open
varlese opened this issue Jun 15, 2021 · 7 comments · Fixed by #244
Open

Custom user roles for Learn WordPress #220

varlese opened this issue Jun 15, 2021 · 7 comments · Fixed by #244
Labels
[Component] Learn Plugin Website development issues related to the Learn plugin. Priority - High High priority issue. [Type] Enhancement New feature request for the Learn website.
Milestone
Hack Day

Comments

@varlese
Copy link
Collaborator

varlese commented Jun 15, 2021

As part of this discussion, I'd like to propose two custom user roles for Learn WordPress. The goal would be to add in these two new user roles to help create more granular user access to better reflect the structure and permissions needed for contributing.

The two new proposed roles would be:

  • Workshop Reviewers, which would provide "Deputy"-level access for reviewing workshop applications
  • Lesson Plan Editors, which would provide edit access to all Lesson Plans on the site

With this proposal, the full list of user roles on Learn would look like:

User Role Permissions
Author Edit access to specific Workshops and specific Lesson Plans
Lesson Plan Editors Edit access to all Lesson Plans
Editors Edit access to all Lesson Plans, all Workshops, and Courses
Workshop Reviewers Edit access to all content types, deputy-level access to meta field for application vetting, and ability to add new users to the site
Administrators Full site access and permissions
@varlese varlese added the [Type] Enhancement New feature request for the Learn website. label Jun 15, 2021
@iandunn iandunn mentioned this issue Jun 28, 2021
Closed
@iandunn
Copy link
Member

iandunn commented Jun 28, 2021

That seems like a good idea, and it's not hard to implement.

WP's role system can be limiting, because users can only have 1 role, but it's probably good enough in this case. On WordCamp.org w/ have a hardcoded list of usernames, and add specific capabilities to them at runtime, but I don't think that's needed in this context. Here we don't need to require proxy access, or grant access to multiple sites.

I'd personally lean towards trusting folks with the regular Editor role, rather than creating new ones, but I don't feel strongly. The security issues seem limited, and giving people trust/autonomy reduces friction when someone's contributions take them beyond their normal role. It also has intangible benefits for the social health of teams IMO. The cluttered admin menus could possibly be solved in a more direct way. I don't feel strongly, though, happy to create the new roles too.

@courtneyr-dev
Copy link
Collaborator

We've bumped into a few issues where folks have editing content that we would rather they not, such as the lesson plan template reusable block.

Thanks @varlese for summarizing this.

@varlese
Copy link
Collaborator Author

varlese commented Jun 29, 2021

That's a helpful example @courane01, thanks!

In practice, I think the only role we're using right now is Editor, since nothing else quite fits the team's workflow. Two places where that really "breaks" are:

  • When vetting workshop or course applications, there is some private information included that would benefit from some extra permissions needed (like Deputies and WordCamp/meetup vetting).
  • For new contributors, it's pretty common to start contributing through either writing a new lesson plan or reviewing a draft lesson. With that, my understanding is that the Author permissions can get a little clunky and add some more overhead for Training reps when adding new folks to the site to help with those tasks specifically.

On that second point, though, I'd defer to @courane01's thoughts since she works a lot more closely with onboarding new team members!

@azhiya
Copy link
Collaborator

azhiya commented Jul 2, 2021

I'll add my support to the need to have more defined roles for Learn. I'm in the middle of trying to unpick what has happened to 2 lesson plans. The drafts were created (without using the defined style guide) and then subsequently deleted as they went down the workshop route instead. However, someone was willing to work on these as lesson plans and now we have to start from scratch. Therefore a review process before anyone deletes or publishes something in Learn is needed.

@hlashbrooke hlashbrooke added this to the Audit tool milestone Aug 3, 2021
@hlashbrooke hlashbrooke added [Component] Learn Plugin Website development issues related to the Learn plugin. Priority - High High priority issue. labels Aug 26, 2021
@coreymckrill coreymckrill self-assigned this Sep 29, 2021
@coreymckrill coreymckrill modified the milestones: Audit tool, Hack Day Sep 29, 2021
@coreymckrill coreymckrill mentioned this issue Oct 5, 2021
Merged
coreymckrill added a commit that referenced this issue Oct 7, 2021
@coreymckrill @iandunn
Add custom roles, capability types for lesson plans / workshops (#244)
1b62e06 
Adds two new custom roles, Lesson Plan Editor and Workshop Reviewer, to the Learn site, which necessitates using custom capability types for the Lesson Plan and Workshop post types. Also introduces a custom capability for viewing/managing internal notes on the Workshop post type (enabled by the Internal Notes plugin), because only Admins/Workshop Reviewers should be able to see the notes, not Editors.

Fixes #220
Fixes #223

Co-authored-by: Ian Dunn <[email protected]>
@courtneyr-dev
Copy link
Collaborator

courtneyr-dev commented Jul 29, 2022
edited

Current user roles:
image

  • workshop reviewer
  • lesson plan editor
  • teacher
  • subscriber
  • contributor
  • author
  • editor
  • administrator

Proposed changes:

  • Tutorial reviewer (renaming as the content type has been renamed)
    • Edit access to all content types
    • Deputy-level access to meta field for application vetting
    • Ability to add new users to the site
  • Lesson Plan Editors: remove, is redundant with editors
  • Reviewer: edit access to all site, cannot publish own posts without another person reviewing
  • Teacher - it is unclear what this role can do or access - can this be answered?
  • Author: Edit access to specific Workshops and specific Lesson Plans
  • Editor - Edit access to all Lesson Plans, all Workshops, and Courses, not vetting applicants

@courtneyr-dev courtneyr-dev reopened this Jul 29, 2022
@webtechpooja
Copy link
Collaborator

I agree with Courtney's concern, So many roles might create confusion. So here we can have a few roles, like:

  • Author - Edit access to specific Workshops and specific Lesson Plans
  • Editors - Edit access to all Lesson Plans, all Workshops, and Courses
  • Tutorial Reviewers - Edit access to all content types, deputy-level access to meta field for application vetting, and the ability to add new users to the site
  • Administrators - Full site access and permissions

@azhiya
Copy link
Collaborator

azhiya commented Jul 29, 2022

Agree with both @courtneyr-dev and @webtechpooja. I'd vote for the streamlined version that Pooja has outlined above.

@coreymckrill coreymckrill removed their assignment Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[Component] Learn Plugin Website development issues related to the Learn plugin. Priority - High High priority issue. [Type] Enhancement New feature request for the Learn website.
Projects
LearnWP Website Development
Status: Issues
Milestone
Hack Day
Development

Successfully merging a pull request may close this issue.

Add custom roles, capability types for lesson plans / workshops WordPress/Learn
7 participants
@iandunn @coreymckrill @varlese @hlashbrooke @courtneyr-dev @webtechpooja @azhiya