|
Tuesday 22 November 2005 6:51:34 am
Hi, I am currently designing the security model of a new Internet web site and we need to manage groups of groups. For instance, let's say a user John Smith works for the company MacDonalds. MacDonalds has purchased the products : Foo and Bar.
Our user accounts administration page looks like this :
- Companies (user group)
- - MacDonalds (user group)
- - - John Smith (user)
- Products (user group)
- - Foo (user group)
- - Bar (user group) The goal is to grant access to the support pages of the product Foo (that belongs to the section "Foo" of the web site) and the product Bar (that belongs to the section "Bar" of the web site) for John Smith. "Foo" section is accessible for users that belong to user group "Foo" (same for Bar). In a "eZ-perfect world", I would click "add location" on teh MacDonalds node and add a location bellow teh nodes "Foo" and "Bar" => Users that are in "MacDonalds" user group would also be added to Foo and Bar.
- Companies (user group)
- - MacDonalds (user group)
- - - John Smith (user)
- Products (user group)
- - Foo (user group)
- - - MacDonalds (user group)
- - - - John Smith (user)
- - Bar (user group)
- - - MacDonalds (user group)
- - - - John Smith (user) <b>In other words, we need a groups of groups functionnality in eZ Publish => is this planned in future releases ?</b> Now the two possible workarounds I have found : - Develop a workflow that automatically adds the user to the "MacDonalds" user group, and then adds him to the groups "Foo" and "Bar". (I have already developped such a workflow, but the assignments are statically configured in INI files, so this is not very flexible. I would develop a dynamic assignment workflow this time) - Use reverse related objects attributes in custom user groups. And then develop a custom Admin interface to recursively fetch reverse related objects. <b>What do you think of this design ? How do you usually manage this ?</b>
|
