I wrote previously about trying to hack Habari so that I could restrict certain users' actions. Soon, that will be unnecessary.
I've been playing around with the yet-to-be-released Habari 0.6, and it's pretty good. I used Subversion to grab the "trunk" dev version from the code repository. Of course, that is subject to change, so some of the issues I'll be describing in this post might have been solved.
Administrators can assign users to groups and then grant those groups privileges to do different things. There are a few holes though. For example, to allow any user to change his or her details, one has to give that user access to the "Users" part of the admin. That gives access to create, edit or delete operations. I want my students to only be able to access their own details. Fortunately, there are "hooks" into the administration menu and other APIs to restrict such actions. So I haven't had to "hack" the core code at all. I've created a plugin instead.
Similarly, using the plugin API, I can allow student users to create blog entries and save them as drafts but not publish them. And I'm hoping I can find a way to "lock" them after publishing so that non-administrator authors cannot change them. I think I can do it by adding a proxy method to the Post class and using that in the HTML template to add or not add an "edit" link. Of course, I shall also have to deny access to the actual edit URL.
All in all, it's looking pretty good.