[Zope] How to organize users in "groups"

[Roger]

Hi Philip
I think you should use nuxUserGroups. This zope product form nuxeo
organise the users in groups andd you can assign roles to this groups.=20
And for the other logic I whould use DC workflow witch is a workflow
product for zope.

Look at www.plone.org. Pherhaps plone has many of your ideeas
implemented. Spacial the member area for your end users.
And in plone you can many things offer to your client without to touch
the ZMI.

Let me know if you realy plan to develope a coustom ZMI interface. I
think it's to much work and the second argument is, it's realy possible
to develope a custom interface for ZMI who is "better" for the customer?
What's better? I know I don't like the ZMI if I make a presentation by a
customer.

Mit freundlichen Gr=FCssen
Roger Ineichen
___________________________
Projekt01 GmbH
www.projekt01.ch
Langackerstrasse 8
6330 Cham
phone +41 (0)41 781 01 78
mobile +41 (0)79 340 52 32
fax +41 (0)41 781 00 78
email r.ineichen@projekt01.ch
___________________________
END OF MESSAGE

Message: 10
From: "Phil Glaser" <StillSmallVoice@DirectvInternet.com>
To: <zope@zope.org>
Date: Fri, 11 Oct 2002 14:40:54 -0400
Subject: [Zope] How to organize users in "groups"

Hi,

I'm building a CMF site for a client who wants to organize users within
groups. The twofold purpose of this organization is: 1) to be able to
send
mail to specific constituencies of users; and 2) to assign permissions
to
specific constituencies of users. My client wants the application to
have
it's own custom administrative interface (he does not want the site's
administrators to be exposed to ZMI) that will enable the administrators
to
set permissions for specific groups on specific folders. The permissions
that the administrator sees may be simplified versions of the more
complex
sets of permissions you see through ZMI. For example, for a folder the
administrator would only see the permissions "No Access," "Read Only,"
"Submit File," and "Approve File." It is also important to know that the
site is structured as multi-community portal. In other words, members
are
defined at the level of the portal, and they will have permission to
belong
to specific communities within the portal. Each community will have the
same
functionality (content folders, discussions, news, etc.) but the content
will be different for each.

It seems to me that the simplest way to do this is is to implement a
"group"
as a role. In other words, what my client is calling a "group" would be
the
equivalent of a Zope "role." When the administrator adds a new group, he
would under the hood be adding a new role. When he adds a user to one or
more groups, he would be associating the user with the roles (users need
to
be able to belong to more than one group at a time). Listing the members
of
a group and sending mail to them would mean filtering the user objects
based
on their role (assuming this can be done). As for the simplified
permissions, there would need to be a dictionary in a script that
correlates
each of these simple permissions with one or more of the native Zope
permissions.

I think the only major problem with my approach stems from the fact that
the
groups/roles would be different for each comunity -- they would not
apply to
the entire portal. However, users would still be defined at the portal
level
because they will have access to multiple communities. Through ZMI, it
looks
like you can only assign a role to a user if the role has been defined
at
the same level as the user in the hierarchy or at a containing level in
the
hierarchy; in this case, I want to be able to assign a role that has
been
defined at a level below the level at which the user is defined.

So my question is: is there a workaround for assigning a role to a user
when
the role is defined further down in the hierarchy from where the user
is, or
is there some other way entirely that I should be solving this problem?

Many thanks!

Philip Glaser
Principal and Software Architect
Sustainable Software Solutions, LLC
StillSmallVoice@DirectvInternet.com
www.sustainsoft.com
973-951-9522