2009-02-18 09:29:03 Habari
I wrote previously about trying to hack Habari so that I could restrict certain users' actions. Soon, that will be unnecessary.
I've been playing around with the yet-to-be-released Habari 0.6, and it's pretty good. I used Subversion to grab the "trunk" dev version from the code repository. Of course, that is subject to change, so some of the issues I'll be describing in this post might have been solved.
Administrators can assign users to groups and then grant those groups privileges to do different things. There are a few holes though. For example, to allow any user to change his or her details, one has to give that user access to the "Users" part of the admin. That gives access to create, edit or delete operations. I want my students to only be able to access their own details. Fortunately, there are "hooks" into the administration menu and other APIs to restrict such actions. So I haven't had to "hack" the core code at all. I've created a plugin instead.
Similarly, using the plugin API, I can allow student users to create blog entries and save them as drafts but not publish them. And I'm hoping I can find a way to "lock" them after publishing so that non-administrator authors cannot change them. I think I can do it by adding a proxy method to the Post class and using that in the HTML template to add or not add an "edit" link. Of course, I shall also have to deny access to the actual edit URL.
All in all, it's looking pretty good.
2009-02-17 22:31:07 bushfires
Much has been said about the bushfires. Reading the stories in the paper is heart-breaking.
Those of us in the cities are—with the exception of a bit of smoke—largely shielded from this although many would know some who are affected. So it's sobering to see sights like these from one's own home (about 30 km away)...
I've been playing around with Habari (version 0.5.2) a bit more of late—in support of my podcasting project for my students.
The idea is that I could give my students a user account in Habari so they could compose short blog entries and link to the MP3 files of the lectures and other classes they have recorded. I've confirmed that Feedburner will nicely handle feed generation with the necessary <enclosure> and nice-to-have iTunes-namespaced elements.
I'd like students to be able to log in and change their user details, but not do anything else to users. I'd also like them to be able to compose entries but not publish them. Habari's database schema includes entities called groups. It also has a permissions table. Users are assigned to groups and groups are granted permissions. This should be enough for what I wish to do. Currently, it seems that it's not used, though, as I can't find any instantiation of the Usergroup or Usergroups classes (and I've looked long and hard at quite a lot of the code).
Users can log in and change their details. If a user clicks on any other user's name in the user list, his own details are presented for editing instead of the other's users. I think there ought to be a warning about that, perhaps via the notice() method of the Session class, but at least it's secure.
What is weird is that any user can create users and delete any user. There's apparently no top-level administrator, even though the Habari installer asked for an administrative username and password. I checked each user in turn: they all have the same "status" as it were.
I can prevent certain actions by assuming that the first user added to Habari is the administrator. The installer certainly leads one to suppose that the first user would be granted that role. By checking whether the user's id is 1, I can allow or disallow certain actions using a Plugin action_* or filter_* method. Still, it would be nice to change the "view" presented to the user. At the moment, my students would see the "Publish" button and click it. While I can intercept that action and change it to a "save draft", it would be better if the button could be removed altogether. I could change the template, but at the moment I'd rather use the Plugin API than hack the core. (The former is less likely to break wen I upgrade to a newer version.)
Perhaps some of this will be rolled out in version 0.6. It sounds as if there's a bit happening for that release. But I need something working in two weeks' time.
2009-01-23 16:24:10 Feedburner, Habari and podcasting
I've been looking for a podacsting platform for work. The plan is to have my students record and edit lectures and tutorials, convert them to mp3s and publish them.
I quite like Habari. If I were writing blogging software from scratch, I'd do things differently, but when I look through the code I can see why they've done the things they've done. It's so much better than the God-awful mess that is Wordpress.
After reading this post, I've installed the plug-in and got myself a Feedburner account. I want to investigate using Feedburner to generate a podcast-aware feed.
One problem I've encountered is that if you use a media player (e.g. Flash) in the markup of a page, Feedburner detects the player but not the file it's playing. So I think I'll have to go the way of Paul Boag, and place a direct link to the MP3 file in the markup for the blog entry. Another link might open a window, or take the user to another page which is not tracked by either Habari's Atom feed or Feedburner.
Habari has different content types. By default, there are "pages" and "entries". Pages are meant to be like static HTML pages, as far as I can tell. So these would be a good candidate for presenting the media player to any users who might like to use it.
After my previous complaints, a disaster happened the other night which sealed it for me. Don't get me wrong: I love Linux for web development (in my case, PHP and Javascript), but for the casual user, it has to get a lot better.
Opensuse has automatic software updates somewhat like OSX's Software Update, but less intrusive. I'd had problems with it lately because some daemon or other wouldn't run. Anyway, I found a way around that using Yast and just accepted whatever it said (which is what most people would do).
Upon restart, Linux wouldn't log me in and didn't even start up X and KDE. Successive restarts, attempted diagnosis and repairs, made no difference. I suppose there is a way to do on the command line but I'm not a command line kind of guy (other than the starting Apache, and the odd filesystem operation).
So I had to copy essential stuff (PHP and JS scripts, the odd document and my mysql databases) and re-install.
Well, it could be worse. When I first installed Suse, I chose ReiserFS (filesystem) since that was the recommendation. Who knew that a couple of years later, Reiser would be arrested and charged for murdering his wife. So I've changed to ext3.
Now I have to be sure to disable any experimental repositories before running updates. Haven't run an update yet. :-|