Forum OpenACS Q&A: What (really) is subsite-awareness?

Collapse
Posted by Randy O'Meara on
I've been searching around a bit in forums and bugs trying to understand the elusive subsite-awareness. I found several places where packages claim to have this property.

For example, the "Directory" package claims awareness and, the best I can tell with a quick scan, in this context it really means that the package plays nicely with the groups (actually application groups) system. Aother example would be "Photo Album" (Jeff's version) where awareness means allowing access only to content associated with a particular subsite.

So, I'm thinking that subsite-awareness is:

a) being aware of and using subsite application groups and the permissions applied to objects through association with these groups, and

b) associating each object with the package_id of a particular subsite so that "select"s return the subset of objects having this association. I found context_id and said "woohoo, can I just set and select objects based on this value?", and then I read Dave's comments that say "don't do that!", so I'm not sure how to go about this aspect of awareness.

I would like to understand the components, tools, and procedures required to make an application subsite-aware. Would anyone care to break this down into a step-by-step process or set of guidleines so that I and others can understand and apply the principles in order to make our applications play nicely now and in the future? If not, I'll still read any comments that anyone would like to add.

Randy

Collapse
Posted by Dave Bauer on
Randy,

Actually a package generally should not store data based on the subsite package_id, but the package_id of the package instance. That is, a package instance should only "see" it's own data. When this happens subsite awareness, as it is called, is achieved. This also helps in non-subsite applications as well. So one instance of news or forums should not display data from another instance. In the data model this means adding a package_id column to the object_type specific table and storing the package_id of the package instance an object is created in.

Collapse
Posted by Randy O'Meara on
Thank you, Dave. That was very helpful and I was able to incorporate the package_id column so that now only data created under an instance is visible to that instance.

Maybe this should be added to Joel's newpackage tutorial. I did use his tutorial as a basis to begin building my package.

Now, I would like to address the permissions aspect. As it stands now, there is a single explicit 'admin' right granted to the object's creator in the __new pgsql procedure. What I would like to do is expand on this by creating groups associated with a package instance, and use those groups to grant general rights such as read, modify, create, delete, and possibly change-ownership. I would like to learn how to this programatically.

Can anyone briefly describe the steps necessary to add this functionality?

Collapse
Posted by Dave Bauer on
Randy,

You are looking at the concept of an application group. An application group is tied to a package_id.

Check out the tcl api https://openacs.org/api-doc/proc-view?proc=application%5fgroup%3a%3anew

I am not sure why the application group procs are private.

Also see: https://openacs.org/api-doc/proc-view?proc=application%5fgroup%3a%3agroup%5fid%5ffrom%5fpackage%5fid

which will return the group_id given a package_id.

Using this you should be able to create a group and grant permissions. Also use the tcl api for permissions. https://openacs.org/api-doc/procs-file-view?version_id=43373&path=packages/acs-tcl/tcl/acs-permissions-procs.tcl

One more thing :) If you are using OpenACS 4.6.2 or higher, look into the apm package callbacks. You can attach the group creation and permission granting to a callback that is automatically run when a package instance is created.

Collapse
Posted by Randy O'Meara on
Again, thanks Dave for your time and trouble.

Can you think of a good example package(s) that might illustrate the callbacks and api(s) mentioned above?