[Zope-PTK] Roles, Groups, Security and Group Membership

Monty Taylor mtaylor@goldridge.net
Wed, 05 Jul 2000 16:04:47 GMT

> Well, my previous comment maybe, but some of this is PTK specific.

>  > Okay, for the PTK bit, it's similar but different. The PTK only has the
>  > concept of Users as members, each of whom have their own user area.
>  >
>  > I think this is a bad starting point. I reckon groups should be members,
>  > and groups should have their own areas, perhaps in /Groups/ or some such
>  > in addition to the stuff in /Members. A User would then be able to edit
>  > content in their member folder as well as content in the group folders
>  > of any groups they belong to.

> I'm not sure that this is either necessary or desireable.  I'd hate
> for simple PTK users to have to set up a group hierarchy to get
> started.  

Agreed. Definitely not desirable to require that. Yuck!

> It seems to me that group membership is an attribute of a
> Member, like home folder.  The publishing logic could then look at
> this attribute (these attributes? It may not be that simple.) to
> determine whether to automatically publish something or hold for
> review.  I.E. the problem may not be the Zope security system, it may
> be the PTK using Zope security instead of a private mechanism.

I get what you're saying... but here's the thing I can't figure out. Say 
I create
either a role "Marketing" or assign a user to a local role of "Manager" 
in the 
Marketing folder. Now granted, I'm probably abusing the DemoPortal for 
more than
I should, but how could I give the user access to a 'Set Status' like 
method that
is called in the context of that folder? Maybe I'm just streching for too 
much from
too little effort. 
No, I guess what I'm asking about is streching the design too much. I 
think what I 
really want is for the status of a Portal Object ('Private', 'Pending', 
to actually be affected by context. So that any given Object could be 
Published in
"Marketing" but "Private" in the root folder. I don't think Zcatalog is 
really going
to like that.

Someone please tell me I'm wrong... but I think I'm going back to the 
drawing board
for this one. 

I still think Zope could do with expanded Group ability... but NOT 

Thanks guys,