Roles and Capabilities in bbPress 2.2
bbPress 2.2 implements a new way to think about user roles in both WordPress and bbPress. A few users have posted up having issues after upgrading, so I’m going to take some time to explain what changed and why.
The problem bbPress 2.2 addresses, is the situation where a users ability to take certain actions in the forums was dictated by their role on the entire site, or their “blog role” as I’ll refer to it in some places going forward.
This means that in the past, a user could not be both a blog Editor and a forum Moderator at the same time; you’d need to be one or the other, and it was clear this wasn’t what anybody wanted.
In bbPress 2.0 and 2.1, every time you activated bbPress on a site, it went in and added a bunch of capabilities to the database. You never knew this, but it needed these roles so that users could perform certain tasks. bbPress would go in and modify the core WordPress roles, to add these capabilities to them. This made multisite installations a challenge, and network activation was very difficult too, because these roles needed to be added to every single site.
For existing users of sites, bbPress performed a bunch of calculations and educated guesses to automatically grant users with certain roles and capabilities. To do this, it would eventually need to add capabilities to the user, or switch them to a role that had those capabilities already; Forum Participant.
Subsequent updates to bbPress required database migration scripts for every change to user roles and capabilities. This is a lot of work for very little gain, since we’re not solving any problems with users needing multiple roles, and at the same time we’re polluting the database with a bunch of data that doesn’t change 99% of the time.
Under the hood, WordPress comes with support for users having multiple roles, and this is a perfect use-case for needing that functionality. Roles are just groups of capabilities. If a user has a role, it’s safe to assume they also have certain capabilities, right?
Wrong. Kind of. Sometimes.
Capabilities are saved in the database, per user, per site, and they bubble based on the role they are granted. If you use any plugin that modifies editable roles or capabilities in the database, what you’re doing is changing the individual capabilities for every user that gets that role going forward, but not necessarily every user that had that role in the past.
Remember, individual users have individual capabilities. When a user gets a new role that is modified in some way, they also get assigned the changed capabilities, either positive or negative. Negative capabilities are explicitly negative, and neither WordPress nor bbPress use these in core. They’re tricky, and make it easy to break things.
Once you’ve gone this far in, you’re playing with fire and will likely get burned. You now have altered core user roles, extra forum user roles, and a mish-mash of registered users with a random assortment of capabilities, based on when they signed up, what role they were granted, and what you happened to have changed that blog role’s capabilities to be at that moment.
To top this all off, there is no “repair” for your users, they’re basically stuck.
For bbPress users that never modified user roles or capabilities, their update process would be smooth sailing. It’s the modifications to database permissions that cause issues with bbPress 2.2. Why?
bbPress 2.2 introduces the concept of “dynamic roles” VS WordPress’s “editable roles.” What’s the difference? Editable roles are saved in the database, and allow you to completely shoot yourself in the foot (as above) once you start changing them around. Dynamic roles do not touch the database in any way, other than to assign the 1 role to the user, side-by-side with any other role they might have on your site.
bbPress comes with filters to allow you to modify the roles, and it’s still possible to add or subtract specific forum capabilities to a user if you needed to, and without all the fuss and danger of bbPress interfering with existing user roles and capabilities.
For users that are stuck with users that can’t access the forums, try using the forums role repair tool, located in:
Admin > Tools > Forums
That tool loops through your users, and grants them a forum role based on their blog role based on the following map:
Admin = Keymaster Editor = Participant Author = Participant Contributor = Participant Subscriber = Participant
The map can be filtered, as can the default role of Participant. The problem will come in with existing users that have modified Participant roles that you may have tinkered with. They’ll end up with capabilities that are totally out of whack, no matter what you do. You’ll need to use an additional tool on top of this, if you want to clean up those old roles introduced by plugins like S2member.
Going forward, I’d like to get a better idea on what these plugins are doing, and make sure that bbPress plays as nicely as it can with them. Dynamic roles in WordPress core are probably a few releases away, but it’s important to bbPress’s future to have them in and working as soon as possible, to get everything dialed in for everyone.
You must be logged in to reply to this topic.