Hi Philip I think you should use nuxUserGroups. This zope product form nuxeo organise the users in groups andd you can assign roles to this groups. And for the other logic I whould use DC workflow witch is a workflow product for zope. Look at www.plone.org. Pherhaps plone has many of your ideeas implemented. Spacial the member area for your end users. And in plone you can many things offer to your client without to touch the ZMI. Let me know if you realy plan to develope a coustom ZMI interface. I think it's to much work and the second argument is, it's realy possible to develope a custom interface for ZMI who is "better" for the customer? What's better? I know I don't like the ZMI if I make a presentation by a customer. Mit freundlichen GrĂ¼ssen Roger Ineichen ___________________________ Projekt01 GmbH www.projekt01.ch Langackerstrasse 8 6330 Cham phone +41 (0)41 781 01 78 mobile +41 (0)79 340 52 32 fax +41 (0)41 781 00 78 email r.ineichen@projekt01.ch ___________________________ END OF MESSAGE Message: 10 From: "Phil Glaser" <StillSmallVoice@DirectvInternet.com> To: <zope@zope.org> Date: Fri, 11 Oct 2002 14:40:54 -0400 Subject: [Zope] How to organize users in "groups" Hi, I'm building a CMF site for a client who wants to organize users within groups. The twofold purpose of this organization is: 1) to be able to send mail to specific constituencies of users; and 2) to assign permissions to specific constituencies of users. My client wants the application to have it's own custom administrative interface (he does not want the site's administrators to be exposed to ZMI) that will enable the administrators to set permissions for specific groups on specific folders. The permissions that the administrator sees may be simplified versions of the more complex sets of permissions you see through ZMI. For example, for a folder the administrator would only see the permissions "No Access," "Read Only," "Submit File," and "Approve File." It is also important to know that the site is structured as multi-community portal. In other words, members are defined at the level of the portal, and they will have permission to belong to specific communities within the portal. Each community will have the same functionality (content folders, discussions, news, etc.) but the content will be different for each. It seems to me that the simplest way to do this is is to implement a "group" as a role. In other words, what my client is calling a "group" would be the equivalent of a Zope "role." When the administrator adds a new group, he would under the hood be adding a new role. When he adds a user to one or more groups, he would be associating the user with the roles (users need to be able to belong to more than one group at a time). Listing the members of a group and sending mail to them would mean filtering the user objects based on their role (assuming this can be done). As for the simplified permissions, there would need to be a dictionary in a script that correlates each of these simple permissions with one or more of the native Zope permissions. I think the only major problem with my approach stems from the fact that the groups/roles would be different for each comunity -- they would not apply to the entire portal. However, users would still be defined at the portal level because they will have access to multiple communities. Through ZMI, it looks like you can only assign a role to a user if the role has been defined at the same level as the user in the hierarchy or at a containing level in the hierarchy; in this case, I want to be able to assign a role that has been defined at a level below the level at which the user is defined. So my question is: is there a workaround for assigning a role to a user when the role is defined further down in the hierarchy from where the user is, or is there some other way entirely that I should be solving this problem? Many thanks! Philip Glaser Principal and Software Architect Sustainable Software Solutions, LLC StillSmallVoice@DirectvInternet.com www.sustainsoft.com 973-951-9522