I've got a couple of Radiant instances out in the wild that I want to smoosh into a single instance with spanner's multi-site-extension. I'm also wanted to upgrade to 0.9.1 at the same time, so I've decided it'd be easiest to start a fresh with a clean install. I'll worry about content later.
Thus far, I've installed radiant-0.9.1 gem, created an instance called 'website-monster' and (seemingly) successfully installed spanner's two extensions. I've got a few domains responding nicely in my lab environment. What I need to make sure is that garden variety users logging into a given site can't go tinkering around more than they should in the admin interface. They're basically there to edit content and not a lot else. At the moment, a plain user from one of my sites seems to be able to access and manipulate the "Sites" tab in the admin interface, which is potentially A Bad Thing(tm) :-) Admittedly, I'm still very new to the actual Radiant codebase and extension framework, but I'm looking for where Radiant sets its permissions for this sort of thing in the admin interface. For example, in spanner's multi_site_extension.rb, he calls: add_item "Sites", "/admin/sites", :visibility => [:admin] And reading the wiki article "Altering Tabs in the Admin UI", I'm concluding that the Sites tab should only be visible to users with the "Administrator" property. However, it still shows up for my Joe Nobody user on the sub-site. What am I not doing right here? Do I need to do something else to restrict the visibility to (and access to) that tab? Cheers, - andrew -- Andrew Reid [mailto:andrew.r...@synergetix.com.au]
