
Restricting blog-administrator privileges in Movable Type

This morning’s project for MPOW drops a heavy hint about what we’re trying to do: could I find a way to give a user in Movable Type blog-administrator privileges (that is, the ability to change settings like the blog name, description, archive method, etc., as well as add/edit/delete entries, change templates, and so on) without letting them change the server path (the directories in which the blog is actually located on the server)?

Changing server paths is a dangerous step on a multi-blog installation. Since all the files are owned, in the filesystem, by whatever user MT.cgi itself runs as, if you change the path for Blog α to match the path of an existing Blog β, then rebuild Blog α, MT will cheerfully overwrite any Blog β files with matching names, including all the feeds, indexes, etc. Then, if Blog β is rebuilt, it will clobber Blog α, and so on. Bad scene.

So we decided to keep that power for the system administrator, not blog administrators. It’s actually pretty simple, if you want to do it on your own multi-blog installation; it just requires some tinkering with the admin interface templates, which are, as near as I can tell, largely undocumented.

  • Find the admin templates. On a default MT install, they’re at $MT_CGI_PATH/tmpl/cms/.
  • Edit cfg_simple.tmpl. Lines 174 through 200 are the ones which show the path information; add <TMPL_IF NAME=IS_ADMINISTRATOR> before the first of those lines and </TMPL_IF> after the last. You may want to mark your changes with HTML comments (<!-- comment here -->) so you can find them later.
  • Save cfg_simple.tmpl.
  • Edit cfg_archives.tmpl and make the same changes around lines 152 through 210. Save that file.
  • Make a note somewhere about your changes, so if you accidentally blow your changes away in an MT upgrade, you can re-create this!

Now, only a system administrator (not just a blog administrator) can change server paths for blogs on your system.
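The steps above can be scripted so the edit is repeatable and easy to re-check after an upgrade. This is an added example, not code from the original post or from Movable Type; the marker comment wording, the function names and the sample template are assumptions made for illustration.

```python
"""Wrap a line range of an MT admin template in an IS_ADMINISTRATOR conditional."""

# Marker comments (hypothetical wording) so the change can be found again after an upgrade.
BEGIN = "<!-- LOCAL CHANGE: path settings restricted to system administrators -->"
END = "<!-- END LOCAL CHANGE -->"

# Line ranges given in the post for a default install; verify them against your MT version.
RANGES = {"cfg_simple.tmpl": (174, 200), "cfg_archives.tmpl": (152, 210)}


def is_patched(text):
    """True if the template still carries the marker and the conditional."""
    return BEGIN in text and "<TMPL_IF NAME=IS_ADMINISTRATOR>" in text


def wrap_range(text, first, last):
    """Wrap 1-indexed lines first..last (inclusive); no-op if already patched."""
    if is_patched(text):
        return text
    lines = text.splitlines(keepends=True)
    if not (1 <= first <= last <= len(lines)):
        raise ValueError(f"range {first}-{last} outside template ({len(lines)} lines)")
    opening = [BEGIN + "\n", "<TMPL_IF NAME=IS_ADMINISTRATOR>\n"]
    closing = ["</TMPL_IF>\n", END + "\n"]
    if not lines[last - 1].endswith("\n"):
        lines[last - 1] += "\n"
    return "".join(lines[:first - 1] + opening + lines[first - 1:last] + closing + lines[last:])


def audit(templates):
    """Return names of templates that have lost the restriction (e.g. after an upgrade)."""
    return sorted(name for name, text in templates.items() if not is_patched(text))


# Constructed stand-in for a template; the real files are much longer.
SAMPLE = (
    "<p>Blog name: <input name=\"name\"></p>\n"
    "<p>Site root: <input name=\"site_path\"></p>\n"
    "<p>Archive root: <input name=\"archive_path\"></p>\n"
    "<p>Description: <textarea name=\"description\"></textarea></p>\n"
)

if __name__ == "__main__":
    patched = wrap_range(SAMPLE, 2, 3)
    print(patched)
    print("missing restriction:", audit({"cfg_simple.tmpl": patched, "cfg_archives.tmpl": SAMPLE}))
```

Wrapping the fields only removes them from the form that MT renders for a blog administrator, so confirm separately that a path change cannot still be submitted by that role.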


Comments

Nice job! This is definitely not a niche need. In fact, we do it on our own Intranet blogs.

However, I might point out that doing this through the Plugin API would be much better for maintenance reasons since upgrades won’t break it or wipe out your changes.

See here for the plugin: http://code.sixapart.com/trac/mtplugins/wiki/RestrictPubPaths

Jay Allen Product Manager - Movable Type Professional Products Group - Six Apart

Thanks for pointing that out, Jay; I wouldn’t have found it otherwise. I checked the plugin, and it almost does what we need - that is, it disables the field, whereas we want to hide them entirely. We’re going to stick to our changes for now, even though it will make upgrades tougher; it’s hardly the only place we’ve hacked the templates.
