Learn icon indicating copy to clipboard operation
Learn copied to clipboard

Published 20 hours ago verified publisher icon WordPress

Custom user roles for Learn WordPress

Open varlese opened this issue 4 years ago • 7 comments

As part of this discussion, I'd like to propose two custom user roles for Learn WordPress. The goal would be to add in these two new user roles to help create more granular user access to better reflect the structure and permissions needed for contributing.

The two new proposed roles would be:

  • Workshop Reviewers, which would provide "Deputy"-level access for reviewing workshop applications
  • Lesson Plan Editors, which would provide edit access to all Lesson Plans on the site

With this proposal, the full list of user roles on Learn would look like:

User Role Permissions
Author Edit access to specific Workshops and specific Lesson Plans
Lesson Plan Editors Edit access to all Lesson Plans
Editors Edit access to all Lesson Plans, all Workshops, and Courses
Workshop Reviewers Edit access to all content types, deputy-level access to meta field for application vetting, and ability to add new users to the site
Administrators Full site access and permissions

varlese avatar Jun 15 '21 20:06 varlese

That seems like a good idea, and it's not hard to implement.

WP's role system can be limiting, because users can only have 1 role, but it's probably good enough in this case. On WordCamp.org w/ have a hardcoded list of usernames, and add specific capabilities to them at runtime, but I don't think that's needed in this context. Here we don't need to require proxy access, or grant access to multiple sites.

I'd personally lean towards trusting folks with the regular Editor role, rather than creating new ones, but I don't feel strongly. The security issues seem limited, and giving people trust/autonomy reduces friction when someone's contributions take them beyond their normal role. It also has intangible benefits for the social health of teams IMO. The cluttered admin menus could possibly be solved in a more direct way. I don't feel strongly, though, happy to create the new roles too.

iandunn avatar Jun 28 '21 19:06 iandunn

We've bumped into a few issues where folks have editing content that we would rather they not, such as the lesson plan template reusable block.

Thanks @varlese for summarizing this.

courtneyr-dev avatar Jun 29 '21 16:06 courtneyr-dev

That's a helpful example @courane01, thanks!

In practice, I think the only role we're using right now is Editor, since nothing else quite fits the team's workflow. Two places where that really "breaks" are:

  • When vetting workshop or course applications, there is some private information included that would benefit from some extra permissions needed (like Deputies and WordCamp/meetup vetting).
  • For new contributors, it's pretty common to start contributing through either writing a new lesson plan or reviewing a draft lesson. With that, my understanding is that the Author permissions can get a little clunky and add some more overhead for Training reps when adding new folks to the site to help with those tasks specifically.

On that second point, though, I'd defer to @courane01's thoughts since she works a lot more closely with onboarding new team members!

varlese avatar Jun 29 '21 19:06 varlese

I'll add my support to the need to have more defined roles for Learn. I'm in the middle of trying to unpick what has happened to 2 lesson plans. The drafts were created (without using the defined style guide) and then subsequently deleted as they went down the workshop route instead. However, someone was willing to work on these as lesson plans and now we have to start from scratch. Therefore a review process before anyone deletes or publishes something in Learn is needed.

azhiya avatar Jul 02 '21 14:07 azhiya

Current user roles: image

  • workshop reviewer
  • lesson plan editor
  • teacher
  • subscriber
  • contributor
  • author
  • editor
  • administrator

Proposed changes:

  • Tutorial reviewer (renaming as the content type has been renamed)
    • Edit access to all content types
    • Deputy-level access to meta field for application vetting
    • Ability to add new users to the site
  • Lesson Plan Editors: remove, is redundant with editors
  • Reviewer: edit access to all site, cannot publish own posts without another person reviewing
  • Teacher - it is unclear what this role can do or access - can this be answered?
  • Author: Edit access to specific Workshops and specific Lesson Plans
  • Editor - Edit access to all Lesson Plans, all Workshops, and Courses, not vetting applicants

courtneyr-dev avatar Jul 29 '22 01:07 courtneyr-dev

I agree with Courtney's concern, So many roles might create confusion. So here we can have a few roles, like:

  • Author - Edit access to specific Workshops and specific Lesson Plans
  • Editors - Edit access to all Lesson Plans, all Workshops, and Courses
  • Tutorial Reviewers - Edit access to all content types, deputy-level access to meta field for application vetting, and the ability to add new users to the site
  • Administrators - Full site access and permissions

webtechpooja avatar Jul 29 '22 05:07 webtechpooja

Agree with both @courtneyr-dev and @webtechpooja. I'd vote for the streamlined version that Pooja has outlined above.

azhiya avatar Jul 29 '22 10:07 azhiya