The MU forums have moved to WordPress.org

User Levels, Gallery2 Admin etc.. (8 posts)

  1. ozgreg
    Member
    Posted 18 years ago #

    I am just working through a list of protential issues in the WPG2 plug-in and figuring out how to control the Gallery2 Admin group Mapping..

    My Gallery2 Mapping would be

    MU Admin -> Gallery2 Admin Rights
    Blog Admin -> User Album Admin Rights
    User -> Registered User

    I basically need to work out who is MU Admin and who is Blog Admin and secure aspects of Gallery2/WP based on this but since all Blog Admin's also are created as Level 10 this is going to be tricky..

    I am wondering should we instead create Blog Admin users as Level 9 reserving Level 10 for MU Admin or does anyone else have a better suggestion..

  2. TomK32
    Member
    Posted 18 years ago #

    MU Admin -> admin at the very first blog. Don't know it that can be changed.

    It's a few tricky sql-queries and finding the functions, but changing user levels as you suggested would make trouble in every other part including plugins.

    how many of the gallery2 db-tables could be shared between blogs? maybe creating the rest per blog sounds good enough?

  3. ozgreg
    Member
    Posted 18 years ago #

    No changing the "blogs" authors levels to say 9 rather than 10 will not actually cause any WP issues, User levels 8+ are the same the only aspect is a lower level cannot edit a higher level which is actually perfect when you think about the security model of MU and how it should be desirable that the MU admin has utimate authority over any blog admin..

    It very simple to alter this.. wpmu-functions.php

    // Set up admin user
    $random_password = substr(md5(uniqid(microtime())), 0, 6);
    $wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_email, user_url, user_registered, display_name) VALUES ( NULL, '".$username."', MD5('$random_password'), '$admin_email', '$url', NOW(), '$username' )");
    $userID = $wpdb->insert_id;
    $metavalues = array( "user_nickname" => addslashes($username),
    $table_prefix . "user_level" => 10,

    Just change the user_level to 9 rather than 10

  4. ozgreg
    Member
    Posted 18 years ago #

    Just starting to pull MU apart and found this little gem -> if( is_site_admin() == false ) {
    die( __('You do not have permission to access this page.') );

    Might be a better way..

  5. donncha
    Key Master
    Posted 18 years ago #

    Use the is_site_admin() function to check if the user should have access or not. There's a text field in wp-admin/wpmu-options.php titled "Super Users", just filled that with the usernames you want to be siet administrators. Separate usernames with spaces.

  6. wugga
    Member
    Posted 18 years ago #

    See my posts here http://mu.wordpress.org/forums/topic/189 and I wanted to add that I also had to make some changes to g2embed.php so prevent the some additional menus from being available to blog admins. It was revealing e-mail addresses and allow owners to make gallery changes (I think). At any rate I disabled them. You can check out what is / is not available by creating a blog at http://wugga.com and trying things out.

    If you are just testing and not really setting up a permanant blog please let me know when you're done so I can clean up after you.

  7. ozgreg
    Member
    Posted 18 years ago #

    wugga,

    Drop me an email (this forums username @ gmail.com) with your changes if you do not mind or PM me over @ the wpg2 forums.

  8. wugga
    Member
    Posted 18 years ago #

    I left a PM over on the WPG2 forums

About this Topic