WordPress 2.9 and ACLs

WordPress 2.9 changed the permission structure away from the permission-based ACL, which confused many users, and created a role-based ACL where roles have permissions. This has royally fubared a few of my sites, which used extensive ACL settings with some custom plugins to enable fine-grained permissions. On the other hand, few people understood the old permission format, things were complicated enough that a user could trip over themselves and inadvertently grant multiple contradictory permissions to someone, and it was difficult to teach and explain the administrative interfaces.

The first step towards straightening out the new permissions structure is creating and/or changing the existing roles. Steph over at SillyBean has a good article on creating roles in the PHP code, and also mentions Justin Tallock’s Members Plugin, which automates a bunch of the things that she explains. Of course, there’s always the WordPress Documentation, and the reasoning behind the changes are in this WordPress Trac ticket.