Movable Type allows developers to define custom permissions within the application. This allows them to create more fine grained permissions around features they develop and expose to users through custom applications they build.

sub init_registry {
    my $plugin = shift;
    $plugin->registry({
        permissions => {
            'system.administer' => {
                label => trans("Edit Catalog"),
                group => 'sys_admin',
                order => 0,
            },
        },
    });
}

Each permission you define requires a "key" or identifier. In the example above, the key is "system.administer". A key consists two two parts, the scope (either "system" or "blog") and the unique identifier delimited by a period.

The properties of a permission are defined below:

• label - the display name for the permission
• group - for future use when rendering permissions in the app
• order - a sort key to determine in which order the permission will appear in a list of other permissions in the same group.

Known Issue - Currently the backend permits the definition of custom permissions that modes and other app pages can be bound to. However, these custom permissions are not automatically rendered within the Edit Role interface. Transformer callbacks would need to be used to inject the necessary HTML for allowing a user to bind a permission to a role our user.

Permission Groups

Here are a list of predefined permission groups. You are allowed to define your own:

• sys_admin - The System Administration group.
• blog_admin - Blog administration group (import, export, backup, restore, etc)
• auth_pub - Authoring and publishing group (create posts, create pages, etc)
• blog_design - Blog design group (styles, templates, etc)
• blog_upload - Uploading files and managing assets group.
• blog_comment - Commenting, comment and TrackBack management.