[Zope-CMF] Eliminating the /Members directory?

Andy Bramah andybramah@cantab.net
Sun, 18 Aug 2002 22:26:53 +1100


David,

This answer is probably late, but it's been sunny recently...

...anyway, I was chuffed with my solution to this, so I'll share it. Also,
I'm about to add a question of my own to this list, so I ought to help solve
one problem before creating another....

I came up with this exact same problem. I do want members to have their own
areas, or sandboxes, but like you, I want content to be in the right place
on the site. Ie, if a user creates a news article, then it should appear in
the 'News' folder of the site.

Others have come up with an automated solution to this which uses scripts
and workflow to move the article around the site. This works, but what if
the item is a Document? How does the script know where to move it? A
document could relate to any part of the site.

Another option was to give users Owner rights on the folders you want them
to make content in. But I don't want to constantly have to play with local
roles. I have too much other stuff to do..!

So, here's my solution:

1) Copy the Folder type, and rename it 'Collaboration Folder' etc. Only
permit Folders to be created within a Collaboration Folder.

2) Now go to the Folder type, and allow it to contain everything _but_
Collaboration Folders.

3) Now add a Collaboration folder to your site, let's call it 'News'. Give
members the permissions to: Add portal content, Delete objects. (I think
that's all of them).

4) Now here's the dodgy bit. There's a problem with my solution. Within the
colaboration folder, members can delete content they _don't own_ (or stuff
which has been published). I don't want this. Within my Collaboration
folder, I want members to be able to add content into folders they don't
own, but they shouldn't be able to mess with other people's work. To solve
this, I don't display a checkbox next to the Folder contents which shouldn't
be messed with. I put the following lines around the checkbox html in the
folder_contents skin file:

<div tal:condition="python:here.portal_membership.checkPermission('Modify
portal content', item)" >

<checkbox html....................>

</div>

*** This is what I describe as 'security through obscurity'. But then, I
don't think my members are out to hack my site!!!. I actually feel it's an
area which Zope lacks. If you have access to a folder, then you have access
to everything below it. There are no rules for "You can only access what you
made".

OK, you are done. So what does all this achieve?

1) Members can add folders, and content into these folders.
2) Members are FORCED to use folders to organise their work. This stops the
'News' folder becoming unworkable. This means that all content relating to a
News item is placed in the same folder as the news item.
3) Members can only work with content they created, but they can see and
link to work other members have done.
4) If members want to collaborate, they can use local roles themselves to
form this partnership. Hence Collaboration Folder....!
5) Above all, rather than moving content around the website using scripts,
_the content was created in the right place first time_. For example, I'm
making a windsurfing website. There might be a news article describing a
race event. Another member might want to add the race results of the event
as a related Document. They can go to the folder containing the relevent
News article, and add the results. They cannot play with the original news
article.

I find this works really well. (Although I havent released the site yet, so
the members might disagree.......!)

Regards,
Andy.



-----Original Message-----
From: zope-cmf-admin@zope.org [mailto:zope-cmf-admin@zope.org]On Behalf Of
David Elfstrom
Sent: 10 August 2002 05:43
To: Zope-CMF@zope.org
Subject: [Zope-CMF] Eliminating the /Members directory?

I'm wondering what can be done to eliminate the /Members directory in the
CMF.

Basically I want to have people be able to contribute documents, news
items, articles, and other document types, but I don't want those documents
to be stored in the /Members/username -- I want them to be stored in /news
and /articles and /policies. User accounts should be able to come and go,
but what the user creates should stay. Does this make sense? Has anyone
else done this with the CMF, or did you just roll-your-own content
management system in Zope?

David


---
  David Elfstrom, P.Eng   elfstrom@sten.sunnybrook.utoronto.ca
  Systems Engineer, Research Computing
  Sunnybrook & Women's College Health Sciences Centre
  Rm#S6-20, 2075 Bayview Avenue, Toronto, Canada  M4N 3M5
  phone: 416-480-6100 x3416    fax: 416-480-5714

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com