English plugin dev 5 4
Movable Type have a robust permission and roles system, making it possible for big companies to give each employee the exact permission that he needs.
A permission if a specific thing that you are allowed to do: publish entry, for example. a role is a predefined title for a bunch of permissions – such as author.
Lets look on some of the permissions and roles that Movable Type comes with by default
- System Permissions
- For granting a user system permission, go to “System Overview” – “Users” – “Manage” → click on the user name, and in the bottom of the page you will see “System Permissions”
- There are six system permissions there:
- System Administrator
- Create Websites
- Create Blogs
- Manage Templates
- Manage Plugins
- View System Activity Log
- Typically, these permissions are not given to an ordinary user, but only for site managers
- There is a reference document, (mt_5_privileges.xls) where the exact affect of each permission is listed
- Blog Permissions
- Here too, you can consult mt_5_privileges.xls for the exact meaning of each permission
- There are 23 permissions, divided to 5 categories
- Management
- Web site and associated blogs management
- Web site management
- Blog management
- Configuration changes
- Manage Categories
- アドレス帳の管理
- Managing the tags
- Managing Users
- Set up the public URL path
- View the log
- Creating and Publishing
- Creating an Entry
- Publish Entries
- Sending Notifications / sharing
- Edit all blog posts
- Web pages Management
- Site rebuild
- Design
- Manage Templates
- Manage Themes
- Assets
- File upload
- Inline image’s default setting
- Manage Assets
- Comments
- Posting a comment
- Manage comments and backtracks
- Management
- Roles
- Rules are a combination of blog permissions, given to a user so he will be able to perform his designated tasks
- By default, the following roles exists in Movable Type:
- Website administrator
- Webmaster
- Commenter
- Designer
- Blog administrator
- Moderator
- Contributor
- Author
- Editor
- You can create new roles: “System Overview” – “Settings” – “Roles” – “Create Role”
- Assigning a role to a user: “System Overview” – “Settings” – “Permissions” – “Grant Permission”
Lets dive into the permission handing and handling
There is a matrix of permission, where one permission imply other permissions.
For example, if we look on “blog.manage_member_blogs” permission, the system automatically enable for this user the “access_to_asset_list” permission, because otherwise he won’t be able to do his work correctly.
These permission-relations are listed inside the Perl module MT::Core
Inside MT::Core ($MT_DIR/lib/MT/Core.pm) in the load_core_permissions
function, there is the definition of the permissions
sub load_core_permissions { return { 'blog.administer_website' => { 'group' => 'blog_admin', 'inherit_from' => ['blog.administer_blog'], 'label' => 'Manage Website', 'order' => 200, 'permitted_action' => { 'save_all_settings_for_website' => 1, 'access_to_website_list' => 1, 'administer_website' => 1, 'clone_blog' => 1, 'delete_website' => 1, 'remove_user_assoc' => 1, }, }, ... snip ...
In this snippet, you can see the following:
- Permission name:
blog.administer_website
- Permission Category (gourp):
blog_admin
(management) - Parent Permission:
blog.administer_blog
(user with this permission can do anything that blog administrator can do) - Display name:
Manage Website
- Sort order:
200
(when displaying listing of permissions) - User with this permission can also do:
save_all_settings_for_website
access_to_website_list
administer_website
clone_blog
delete_website
remove_user_assoc
- Permission Category (gourp):
Each operation in MT is associated with one of these permissions. For example for how to embed it into a plugin, see Modifying the management screen menu, where the tools menu changed to require administer
permission
For your plugin operation, please choose carefully the required permission. Also, choose carefully which permission you are giving to which user. Thanks.