Support Forum
oh, lots of discussion to occur on this when we begin...
but I agree Lee... think there will be some sort of global options enabling or disabling features and options on the individual network sites...
but not sure what you mean... an admin on network site 2 shouldnt be able to edit options on network site 3, unless you gave them access... unless they are a super admin, they only have access to their site options...
Visit Cruise Talk Central and Mr Papa's World
Not sure I said they could edit options on other sites, sorry if I implied that.
But by changing paths couldn't they overwrite images, or use the template editor to modify any theme as long as they knew what blogs.dir to enter?
I can make a new forum on a blog, logged in as the proper admin for the blog (not super). The default storage locations are blogs.dir according to blog number. There is one theme, default. I can modify the themes path to the main install and use whatever themes are there and modify them.
@ Mr Papa, I tested the latest installation changes on a new site under 1 of my networks, and it works perfectly.
However, it creates 3 folders under sp-resources, which is fine, but this isn't consistent with the description for the SVN setup, so I'd just modify that description.
After installing a new site, I went back and edited the locations of my existing site, and it works fine.
I have to think more about your comments on "global options" before I can comment intelligently. There aren't a lot of WP plugins that have global options (I can think of just 1 off the top of my head, NextGen Gallery). As for feature control of things like file uploading, if that is in a plugin, and a network admin doesn't want to allow that, he can not install or delete that plugin. I see your point about network admins wanting to control how site admins configure SPF, but I think those are features that only impact networks where users can create their own sites. Most of the multisite installs I see are where the network admin is controlling the site setups, where that concern is a non-issue. I think you'd be best served to devote resources to have SPF first work with multisite the way most plugins do, and then tackle the global settings issue.
@ Lee H, you wrote:
"What I meant about write access to admins. Currently it appears that any networked blogs would need write access to add new or any additional themes/plugins to their selection."
Sites cannot add themes or plugins in a standard multisite install, and I'd recommend that they not be allowed to add SPF themes or plugins as that is not consistent with the way multisite works. Network admins can only perform these functions. Adding a new plugin is separate from activating, so a site admin could activate any 1 of the installed plugins.
"As it is now, a admin from another blog on the network can edit the paths to the main blogs forum install and use or modify whatever is there."
I'm not sure that's the case. An admin from Blog A is only editing the SPF settings for Blog A. Unless that person is also an admin on the main blog and logs into the main blog, the settings are completely independent. I haven't tested every element of that, but I have made changes to the settings on 2 forums on 2 sites of the same multisite installation, and the settings are independent. That is just the way multisite works with just about every plugin out there.
@ Lee H, the template editor is an issue. In a normal multisite install, a site can't edit templates from the WP back end, so I'd say this should be turned off when SPF is installed in multisite if SPF has a template editor.
If there is no template editor, the only way a site admin could reach the templates or plugins would be via http://FTP. Site admins could change their site settings at will, but they'd only be impacting a single site on the network.
Bill Murray thanks for the feedback on the new installation... was this fresh install or an upgrade from 4.4.x?
yeah, the svn instructions and other pinned topics were really for the group of folks that jumped in at the start of the alpha back in July. wouldnt hurt to bring them back up to date...
Visit Cruise Talk Central and Mr Papa's World
Bill Murray said:
"As it is now, a admin from another blog on the network can edit the paths to the main blogs forum install and use or modify whatever is there."
I'm not sure that's the case. An admin from Blog A is only editing the SPF settings for Blog A. Unless that person is also an admin on the main blog and logs into the main blog, the settings are completely independent.
Still a misunderstanding I think. I'm not talking about blog.2's forum being able to edit options on blog.1's forum.
I'm saying that blog.2's forum can set the storage locations path to blog.1's forum storage locations. Then in the backend of blog.2's forum, the admin can delete any or all smilies, badges, avatars, icon etc, that are in blog.1's storage location. And the SP backend will happily do it without complaint. Of course these files can be uploaded as well. Imagine your surprise if your wholesome forum icons where replaced with something XXX?
I do believe there should be global options for the Super Admin. I don't really see any way around it. Even if it has to be a flat file that is read to save a database call.
I believe those options should also cover plugins that the Super Admin would like to allow sub blog forums to use. The plugins that are currently for SP v5 were actually part of the core of all versions of SP before v5. And personally I don't know how anyone can run a great forum without at least a handful of them.
You have a valid point on how most Super Admin's won't allow sub blogs access to themes and plugins. But this is not a rule either. I do allow sub blog admins to use alternate themes and plugins from a pool. They just can't add (literally) additional ones. All plugins and themes I introduce have been gone through with a fine toothed comb by me. I strip out the scary stuff or edit as I feel fit.
I wasn't petitioning for sub blog forum admins to have write access either, but as things are right now, unless I hand place the theme or plugin files in their storage location folders (ain't gonna happen), they would have a bare bones forum unless they had the ability to move files there themselves (again, ain't gonna happen).
@ Mr Papa, new install. I updated the code, created a new site, activated the plugin on that site, and then continued on. I figured I'd mention the SVN documentation thing because keeping that updated provides a strong foundation for doing the documentation for the ultimate release.
@ Lee H,
"I'm saying that blog.2's forum can set the storage locations path to blog.1's forum storage locations. Then in the backend of blog.2's forum, the admin can delete any or all smilies, badges, avatars, icon etc, that are in blog.1's storage location. And the SP backend will happily do it without complaint. Of course these files can be uploaded as well. Imagine your surprise if your wholesome forum icons where replaced with something XXX?"
Ok, light dawns on my marble head, and I see your point, which might be valid. I tested and I could change Blog 2's custom badges folder to that of Blog 3, and then proceed to do what you suggested but I was logged in as a network admin. Then I tried creating a site admin for Blog 2 and could still change locations to Blog 3.
SPF reported that I had write access to Blog 3 folders while on the backend of Blog 2. Is SPF's write access test faulty? Or is this a multisite issue where multisite isn't controlling write access in blogs.dir? I'll do some more investigating on the WP side and see what I can find.
One workaround could be for SPF to check if the install is multisite, and if so, only let a blogs.dir folder location be saved if it contains the current blog ID.
Interestingly, when I went to add a new site admin, I got this error:
Warning: Cannot modify header information – headers already sent by (output started at /problem-with-post-edit-buttonome/qbg/qbgarage.com/wp-content/plugins/simple-press/sp-api/sp-api-primitives.php:763) in /problem-with-post-edit-buttonome/qbg/qbgarage.com/wp-includes/pluggable.php on line 934
The user was created, however. Hopefully, the SPF team catches that.
I may not have communicated effectively on the issue of access to themes and plugins. Network admins do exactly what you do because that is the way multisite works. I was referring to the creation of new blogs rather than new themes or plugins. There are web services offering the ability to create for a new user to create a site, much like wordpress.com. I don't see these services as a big target initially, because I think most multisite installs are where the network admins create the sites themselves.
I raised this question on the WP multisite forums and got 2 replies from well-known multisite gurus.
Basically, on multisite, SPF should either a) not allow the folder locations to be edited or b) change the base from /wp-content/ to just /files/ (WP will then use /wp-content/blogs.dir/3/files/ for blog ID 3) or perform some other validation that prevents a user from entering a path to a blogs.dir folder over which he doesn't have control.
I think #3 is the hardest to achieve and the most vulnerable (because someone might find a way around the validation routine).
I'm not sure I see the need for these locations to be managed on multisite, but if there is a desire to allow people to manage them, I think #2 is a secure choice. #2 insures that any file is in a folder for that blog ID. It's clean and simple.
Hope that helps.
reasons like this are exactly why we plan to tighten up the integration in 5.1... SP was never really designed to work with multisite but folks have had success with some limitations...
Nothing has changed in 5.0 in regards to how the blogs.dir directories are handled...
Visit Cruise Talk Central and Mr Papa's World
Did you see this error in my previous post?
Warning: Cannot modify header information – headers already sent by (output started at /problem-with-post-edit-buttonome/qbg/qbgarage.com/wp-content/plugins/simple-press/sp-api/sp-api-primitives.php:763) in /problem-with-post-edit-buttonome/qbg/qbgarage.com/wp-includes/pluggable.php on line 934