I've been playing around with Habari (version 0.5.2) a bit more of late—in support of my podcasting project for my students.
The idea is that I could give my students a user account in Habari so they could compose short blog entries and link to the MP3 files of the lectures and other classes they have recorded. I've confirmed that Feedburner will nicely handle feed generation with the necessary <enclosure> and nice-to-have iTunes-namespaced elements.
I'd like students to be able to log in and change their user details, but not do anything else to users. I'd also like them to be able to compose entries but not publish them. Habari's database schema includes entities called groups. It also has a permissions table. Users are assigned to groups and groups are granted permissions. This should be enough for what I wish to do. Currently, it seems that it's not used, though, as I can't find any instantiation of the Usergroup or Usergroups classes (and I've looked long and hard at quite a lot of the code).
Users can log in and change their details. If a user clicks on any other user's name in the user list, his own details are presented for editing instead of the other user's. I think there ought to be a warning about that, perhaps via the notice() method of the Session class, but at least it's secure.
What is weird is that any user can create users and delete any user. There's apparently no top-level administrator, even though the Habari installer asked for an administrative username and password. I checked each user in turn: they all have the same "status" as it were.
I can prevent certain actions by assuming that the first user added to Habari is the administrator. The installer certainly leads one to suppose that the first user would be granted that role. By checking whether the user's id is 1, I can allow or disallow certain actions using a Plugin action_* or filter_* method. Still, it would be nice to change the "view" presented to the user. At the moment, my students would see the "Publish" button and click it. While I can intercept that action and change it to a "save draft", it would be better if the button could be removed altogether. I could change the template, but at the moment I'd rather use the Plugin API than hack the core. (The former is less likely to break when I upgrade to a newer version.)
Perhaps some of this will be rolled out in version 0.6. It sounds as if there's a bit happening for that release. But I need something working in two weeks' time.