Learning the World

I’ve run into a workflow snag with WordPress MU (well, technically the issue is in WordPress; MU just inherits it): authors can’t add or edit pages.

The problem is basically this:

• I have an academic division web site with an administrator or two.
• I have a handful of editors representing the department heads within that division.
• I have authors who need to be able to add and edit (but not publish) pages.

It’s the last part that WordPress doesn’t support. Ideally, I’d love for the “author” role to function like the “contributor” role does for posts, e.g.: a contributor can write and edit their own posts, but they can’t publish anything.  I’d like the author to do the same thing for pages, allowing a second-tier workflow within the site.

Unfortunately WordPress MU doesn’t work this way out of the box, and based on the comments I’ve read online, it seems that WordPress core isn’t interested in changing this functionality because it differs from WordPress traditional blog mindset. Which I understand, but don’t agree with — I think WordPress has grown into a respectable, lightweight content management system, and adding this additional granularity of editorial control would complete that transition.

So the question is: How to do we manage this? One option is to split up a larger site into sub sites; e.g. instead a single division site, you end up with sub sites for each department.

The other option is to go with a third party module. There are two that look good, particularly when used in conjunction with one another:

• Role Scoper: “Assign restrictions and roles to specific pages, posts or categories.”
• Capability Manager: “…provides a simple way to manage role capabilities. Using it, you will be able to change the capabilities of any role, add new roles, copy existing roles into new ones, and add new capabilities to existing roles.”

They look promising, but I haven’t tested either with WordPress MU yet. I’m curious to know how other folks are addressing this problem; if you have any suggestions or experiences to share, please leave a comment!

WordPress MU 2.8.4a refuses to upload .ppsx (PowerPoint Show files for PowerPoint 2007/2008) because the extension hasn’t been defined in the functions “wp_check_filetype” and “wp_ext2type” in /wp-content/functions.php

Not having ppsx defined here causes WordPress? MU to throw the warning “File type does not meet security guidelines. Try another.” when uploading the file (even when the ppsx file type itself is blessed in WPMU’s admin options).

I’ve reported the bug to WordPress MU Track here:

• #1118: PPSX not defined as valid file in functions.php

Update

The fix isn’t quite so straightforward as just adding .ppsx to the list of valid PowerPoint extensions, because technically PowerPoint Shows for 2007 have their own MIME type:

• application/vnd.openxmlformats-officedocument.presentationml.slideshow

As does PowerPoint 2007:

• application/vnd.openxmlformats-officedocument.presentationml.presentation

Specifying the wrong MIME type for PowerPoint Show files caused WordPress to add a .ppt extension to the file, which played havoc with subsequent downloads. The fix was to specify the MIME type in wp_check_filetype:

• ‘ppsx’ => ‘application/vnd.openxmlformats-officedocument.presentationml.slideshow’

My bug report at WordPress MU was closed because this is technically something that needs to be changed in core WordPress; I’ll be reporting it there shortly.

WordPress MU 2.8.1 was just released, and I came across a few bugs while kicking the tires on my MU development site:

• #1037 After upgrade, upgrade banner doesn’t disappear (fixed)
• #1048 WPMU 2.8.1 improperly escaping titles of newly created blogs
• #1049 Editing Blog Settings as Admin fails (fixed)

#1049 was fixed within four minutes of me posting the ticket, which is pretty darn cool.

I also encountered an issue with the Admin-SSL plugin and 2.8.1 that sets up an infinite rerewrite of the blog delete URL; I haven’t had a chance to track it down yet, but the author is working on an update of the plugin to get it working properly with 2.8.

Our Moodle Wikis were working just fine (well, they were working about as well as the Moodle wiki ever does) until 1.9.4. That’s when they broke; you could select and upload a file (e.g. a photo), but the screen would go white (indicating a PHP error) and your file wouldn’t make it to the wiki. As we have a number of wikis that upload photos, this was a problem.

The issue appears to be a change in the default settings for the wiki. Making the wiki configuration tweaks described in this Tracker report fixed the problem:

• MDL-10641 Wiki binary files option broken

In 1.9.4, Moodle introduces a new security report tool which compares your Moodle roles against different security risks. My colleagues and I just spent the afternoon puzzling through the flags that 1.9.4+ raised in our test Moodle install. Unfortunately, “puzzling” is the optimum word here: we spent a big chunk of time just trying to understand what the report was trying to tell us. Here’s what I learned.

To start, you need to understand how Moodle tolerates risks based on roles (defined under “Risks” in the Moodle Docs wiki.):

• Guest – only capabilities without any risks are allowed
• Student – certain capabilities with spam risks are allowed
• Teacher – certain capabilities with XSS and privacy risks are allowed
• Administrator – all capabilities are allowed

This is important because any custom roles you’ve created are evaluated based on the legacy role that spawned them. So if you start with a student role, and give it some more advanced teacher-like options that allow XSS capabilities, then Moodle will set a critical warning flag because its exceeded the capabilities normally associated with a student.

I need to doublecheck this, but I think that if you change the legacy role associated with the custom role in question to “teacher”, then your custom capabilities will remain the same, but the report will run against the more permissive teacher role. That said, you may not want to get rid of the warnings (since it is helpful to know what a “super student” role could get themselves into) but at least this write-up should help you understand them.

I’d love to see Moodle create a more user-friendly report that says something like:

• “Your role ‘Teacher Assistant’ is based on the legacy role ‘Student’. By default, students are not allowed to have capabilities that permit Cross Site Scripting (XSS), but your custom role allows the following XSS capabilities” — I’d then include a list of the problem capabilities.

You can contribute to improving the Security Report by reading/commenting on this tracker item:

• MDL-18078: Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report

I just ran into an obscure error on our Shibboleth-based implementation of Moodle; when accessing the site with Firefox 3/WinXP a user reported the following error:

“overLIB 4.10 or later is required for the CSS Style Plugin”

A little searching revealed that this is apparently a problem with the browser’s cache; clearing the cache causes it to go away. If you’re proxying Moodle, you may need to clear the proxy’s cache as well. There’s no Tracker item for it; I thought of adding one, but this isn’t really a Moodle problem — it’s a browser one.

• moodle.org: Overlib problem (moodle thread discussing the problem and fixes)
• octette.cs.man.ac.uk overLIB 4.10 or later is required for the CSS Style Plugin

Audio recording tools for Moodle are something that’s come up several times on campus. English and foreign languages faculty would love to be able to use such a tool with students; in English they’d use it to work on student’s inflections and readings of poetry, while foreign languages would use it as part of spoken language critques.

I experimented with using NanoGong to do this, but unfortunately it was just too unstable; the Java applet running it refused to save files on two of the three computers I tried it on … including computers on which it had worked.

COVCELLL has created the audio recording assignment that works with Moodle 1.9. I haven’t had a chance to try it yet, and would love to hear from anyone who has.

Marketing Pilgrim’s posted their list of the most useful plugins for new bloggers. Of the plugins on this list, I can personally recommend Akismet; no blog should launch with out it. A lot of my friends in the hobby game blogosphere use CommentLuv. I’ve taken advantage of it while posting comments, but have never installed it on one of my own blogs.

Moodle has a nasty habit of leaving specail characters in file names after you unzip an archive. It will strips these characters (like apostrophies) from a file when that file is uploaded individually, but if you upload an archive, that process doesn’t happen.

The problem comes when you try and delete that file — Moodle’s scripts can’t handle the special character, and refuse to allow you to move, delete or otherwise modify the file. Fortunately, a fix is coming in Moodle 1.9.5 thanks to the work of Charles Fulton of Kalamazoo College at Hack/Doc Fest III at Reed College in January 2009.

You can read about it in tracker here:

• MDL-237 Special characters left in filenames after unzipping

A patch is available via tracker. A fix will be available in Moodle 1.9.5.