- NAME
- SYNOPSIS
- DESCRIPTION
- USAGE
- MT::Permission->perms( [ $set ] )
- MT::Permission->add_permission( \%perm )
- MT::Permission->add_permission( \@perm )
- $perms->set_full_permissions()
- $perms->clear_full_permissions()
- $perms->set_permissions($set)
- $perms->clear_permissions($set)
- $perms->add_permissions($more_perms)
- $perms->set_these_permissions(@permission_names)
- MT::Permission->rebuild($assoc)
- $perms->rebuild()
- $perms->has($permission_name)
- $perms->can_administer_blog
- $perms->can_create_post
- $perms->can_publish_post
- $perms->can_post
- $perms->can_upload
- $perms->can_edit_all_posts
- $perms->can_edit_templates
- $perms->can_send_notifications
- $perms->can_edit_categories
- $perms->can_edit_tags
- $perms->can_edit_notifications
- $perms->can_view_blog_log
- $perms->can_rebuild
- $perms->can_edit_config
- $perms->can_set_publish_paths
- $perms->can_edit_authors()
- $perms->can_edit_entry($entry, $author)
- $perms->can_manage_feedback
- $perms->can_view_feedback
- $perms->can_administer
- $perms->can_view_log
- $perms->can_create_blog
- $perms->can_manage_plugins
- $perms->can_not_comment
- $perms->can_comment
- $perms->blog
- $perms->user
- $perms->author
- $perms->to_hash
- $class->load_same($terms, $args, $exact, @list)
- DATA ACCESS METHODS
- DATA LOOKUP
- AUTHOR & COPYRIGHTS
NAME
MT::Permission - Movable Type permissions record
SYNOPSIS
use MT::Permission; my $perms = MT::Permission->load({ blog_id => $blog->id, author_id => $author->id }) or die "User has no permissions for blog"; $perms->can_create_post or die "User cannot publish to blog"; $perms->can_edit_config(0); $perms->save or die $perms->errstr;
DESCRIPTION
An MT::Permission object represents the permissions settings for a user in a particular blog. Permissions are set on a role basis, and each permission is either on or off for an user-blog combination; permissions are stored as a bitmask.
Note: The MT::Permission object is not meant to be modified or created directly. Permissions should be assigned to users through role associations, or through MT::Author's can_xxx methods for system level privileges. The MT::Permission object is actually managed by Movable Type purely, and is a flattened view of all the permissions a particular user has for a single blog. Users' system level privileges are also stored in MT::Permission record with blog_id = 0.
USAGE
As a subclass of MT::Object, MT::Permission inherits all of the data-management and -storage methods from that class; thus you should look at the MT::Object documentation for details about creating a new object, loading an existing object, saving an object, etc.
The following methods are unique to the MT::Permission interface. Each of these methods, except for set_full_permissions, can be called with an optional argument to turn the permission on or off. If the argument is some true value, the permission is enabled; otherwise, the permission is disabled. If no argument is provided at all, the existing permission setting is returned.
MT::Permission->perms( [ $set ] )
Returns an array reference containing the list of available permissions. The array is a list of permissions, each of which is an array reference with the following items:
[ key, label, set ]
The 'key' element is the value of that permission and is also a unique identifier that is used to identify the permission. Declared permissions may be tested through a 'can' method that is added to the MT::Permission namespace when registering them. So if you register with a 'key' value of 'foo', this creates a method 'can_foo', which may be tested for like this:
my $perm = $app->permissions; if ($perm->can_foo) { $app->foo; }
The 'label' element is a phrase that identifies the permission.
The 'set' element identifies which group or category of permissions the permission is associated with. Currently, there are two sets of permissions: 'blog' and 'system'.
If you call the perms method with the $set parameter, it will only return permissions declared with that 'set' identifier.
MT::Permission->add_permission( \%perm )
MT::Permission->add_permission( \@perm )
Both of these methods can be used to register a new permission with Movable Type.
Note: It is not advisable to call these method to register custom permissions without having preregistered for one from Six Apart, Ltd. This will reserve your permission and allow it to coexist with other plugins and future permissions defined by Movable Type itself.
When calling add_permission with a hashref, you should specify these elements in the hash:
- key
- label
- set
See the 'perms' method documentation for more information on these elements.
If calling the add_permission method with an arrayref, you should specify the elements of the array in the same order as given by the 'perms' method. You may only register one permission per call to the add_permission method.
$perms->set_full_permissions()
Turns on all blog-level permissions.
$perms->clear_full_permissions()
Turns off all permissions.
$perms->set_permissions($set)
Sets all permissions identified by the group $set
(use '*' to include all permissions regardless of grouping).
$perms->clear_permissions($set)
Clears all permissions identified by the group $set
(use '*' to include all permissions regardless of grouping).
$perms->add_permissions($more_perms)
Adds $more_perms
to $perms
.
$perms->set_these_permissions(@permission_names)
Adds permissions (enabling them) to the existing permission object.
$perms->set_these_permissions('view_blog_log', 'post');
MT::Permission->rebuild($assoc)
Rebuilds permission objects affected by the given MT::Association object.
$perms->rebuild()
Rebuilds the single permission object based on the user/group/role/blog relationships that can be found for the author and blog tied to the permission.
$perms->has($permission_name)
Returns true or false depending only on whether the bit identified by $permission_name
is set in this permission object.
$perms->can_administer_blog
Returns true if the user can administer the blog. This is a blog-level "superuser" capability.
$perms->can_create_post
Returns true if the user can post to the blog , and edit the entries that he/she has posted; false otherwise.
$perms->can_publish_post
Returns true if the user can publish his/her post; false otherwise.
$perms->can_post
(Backward compatibility API) Returns true if the user can post to the blog, and edit the entries that he/she has posted and publish the post; false otherwise.
$perms->can_upload
Returns true if the user can upload files to the blog directories specified for this blog, false otherwise.
$perms->can_edit_all_posts
Returns true if the user can edit all entries posted to this blog (even entries that he/she did not write), false otherwise.
$perms->can_edit_templates
Returns true if the user can edit the blog's templates, false otherwise.
$perms->can_send_notifications
Returns true if the user can send messages to the notification list, false otherwise.
$perms->can_edit_categories
Returns true if the user can edit the categories defined for the blog, false otherwise.
$perms->can_edit_tags
Returns true if the user can edit the tags defined for the blog, false otherwise.
$perms->can_edit_notifications
Returns true if the user can edit the notification list for the blog, false otherwise.
$perms->can_view_blog_log
Returns true if the user can view the activity log for the blog, false otherwise.
$perms->can_rebuild
Returns true if the user can edit the rebuild the blog, false otherwise.
$perms->can_edit_config
Returns true if the user can edit the blog configuration, false otherwise.
(Backward compatibility warning) can_edit_config no longer means the user can set and modify publishing paths (site_path, site_url, archive_path and archive_url) for the weblog. Use can_set_publish_paths.
$perms->can_set_publish_paths
Returns true if the user can set publishing paths, false otherwise.
$perms->can_edit_authors()
Returns true if the 'administer_blog' permission is set or the associated author has superuser rights.
$perms->can_edit_entry($entry, $author)
Returns true if the $author
has rights to edit entry $entry
. This is always true if $author
is a superuser or can edit all posts or is a blog administrator for the blog that contains the entry. Otherwise, it returns true if the author has permission to post and the entry was authored by that author, false otherwise.
The $entry
parameter can either be a MT::Entry object or an entry id.
$perms->can_manage_feedback
Returns true if the $author
has rights to manage feedbacks (comments and trackbacks) as well as IP ban list.
$perms->can_view_feedback
TODO Returns true if permission indicates the user can list comments and trackbacks.
$perms->can_administer
Returns true if the user in question is a system administrator, false otherwise.
$perms->can_view_log
Returns true if the user can view system level activity log, false otherwise.
$perms->can_create_blog
Returns true if the user can create a new weblog, false otherwise.
$perms->can_manage_plugins
Returns true if the user can enable/disable, and configure plugins in system level, false otherwise.
$perms->can_not_comment
Returns true if the user has been banned from commenting on the blog. This permission is used for authenticated commenters.
$perms->can_comment
Returns true if the user has been approved for commenting on the blog. This permission is used for authenticated commenters.
$perms->blog
Returns the MT::Blog object for this permission object.
$perms->user
$perms->author
Returns the MT::Author object for this permission object. The author
method is deprecated in favor of user
.
$perms->to_hash
Returns a hashref that represents the contents of the permission object. Elements are in the form of (enabled permissions are set, disabled permissions are set to 0):
{ 'permission.can_edit_templates' => 16, 'permission.can_rebuild' => 0, # .... 'permission.can_create_post' => 2 }
$class->load_same($terms, $args, $exact, @list)
Returns an array or an object depending on context, of permission records which have specified list of permissions. If $exact is set to True, permission records which have exact match to the list are returned. $terms and $args can be used to further narrow down results.
DATA ACCESS METHODS
The MT::Comment object holds the following pieces of data. These fields can be accessed and set using the standard data access methods described in the MT::Object documentation.
- id
The numeric ID of this permissions record.
- author_id
The numeric ID of the user associated with this permissions record.
- blog_id
The numeric ID of the blog associated with this permissions record.
- role_mask
- role_mask2
- role_mask3
- role_mask4
These bitmask fields are deprecated in favor of text based permissions column.
- permissions
Permissions are stored in this column like 'Perm1','Perm_2','Pe_rm_3'.
- entry_prefs
The setting of display fields of "edit entry" page. The value at author_id 0 means default setting of a blog.
- template_prefs
The setting of display "edit template" page. The value at author_id 0 means default setting of a blog.
DATA LOOKUP
In addition to numeric ID lookup, you can look up or sort records by any combination of the following fields. See the load documentation in MT::Object for more information.
- blog_id
- author_id
AUTHOR & COPYRIGHTS
Please see the MT manpage for user, copyright, and license information.