[Zope-CMF] How to provide both public/private Member areas

Mark Langkau mark.langkau@pbmplus.com
Fri, 01 Jun 2001 08:23:39 -0500


Hi,

I have a current non-Zope site where logged-in clients can view
common/public info, and also have a private menu providing personal and
confidential information and reports specific to that client. The key
issue is that the private/confidential info must never be disclosed to
anyone other than that specific client.

I've been following CMF's progress, and I'm ready to jump in and try to
convert my site to CMF. But, I have only .5 ounce of Zope Zen and none
of it includes CMF ;-)  CMF seems to be oriented towards making content
public for all Members. That will be slightly useful for this situation,
but 99% of this site's content will be confidential and should not be
reachable by other Members. (In other words, not show on other menus, or
in content searches - except for hits that match that client).  We have
other sites where CMF will work great out of the box. This one is a
little different.

I'm looking for suggestions of products to use, or maybe the basic
functionality is already in the CMF core.

Specifics: There will be several hundred clients, where a client is
actually a company/business. Members of this site will be employees of
these clients/businesses. When a Member logs in , they should see info
specific to their company (confidential), information specific to that
Member (confidential), and some general info of interest to the entire
site community (regulations, best practices, site announcements, etc.).
A major concern to us is that Members should not be able to accidentally
publish or in any way post any of the confidential info to public areas
of the site. (I guess following the workflow model would prevent that.
Reviewers could reject requests to publish confidential info). Finally,
info that Members DO wish to publish should only be viewable by other
employees of that same client/business. Those postings should be owned
by the client, not the member. In other words, if the employee/Member
leaves his business (and maybe joins a competitor which also in on this
site), his postings remain with the client, not the Member (because they
will be about the client and will contain confidential info).

Is anyone doing something similar to this with CMF now? I'm also
thinking that a separate CMF instance for each client would work (easier
to keep client confidential info together), but after 3-4 CMF
installations, admin/maint efforts would become tiring an error prone.

Comments?

Cheers,
Mark