Forum OpenACS Q&A: Composite/Component/Membership group setup

To my understanding there are those two basic type of relationships: composition and membership.

Persons and their subtype users can be related to groups only via the membership relationship, e.g. one user can be a member of one group.

According to /doc/permissions.html I thought that on the other hand, groups can be related to each other either via membership or via composition relationship. In the latter case the parent group would inherit all the members from the child group so that they appear as members of the parent as well, in the first case they would not be inherited.

But at the groups admin pages it seems that one group can only be related to another group via the composition relationship, because when I select "Add a member" it does not offer me groups. Don't know why, maybe an oddity of the groups admin pages. (Actually I find it hard to imagine a scenario where one would want a group to be a member of another group).

But what you want anyway is to make one group a _component_ (=composition relationship) of another group.

The members of the contained group will appear as members of the container group - but again not in the groups admin pages - I think those will only display direct members. Look at the view group_element_index for example, which will list you all members. Or try the following: Make group B a component of group A, and user X a user profile (member) of group B. Now grant a certain privilege to group A and check if user X inherits the privilege.

C.R., you are asking for group membership inheritence to flow from parent to child -- any member of a parent group automatically becomes a member of any component sub-group -- which is opposite to how the groups system currently works.

I guess I'm really confused then. I read the docs over again this morning and I think I've been laboring under the misconception that you could have both a group with a sub-group as a component and a group with a group as a member.

What are you trying to model? There is probably a differnt way to do it.

Well, what we were trying to do was come up with a way that we could easily restrict sections of our website to collections of people without having to exhaustively list all the groups that should have access.

For example, say we have the following groups: Site Members, Administrative Staff, Chairpersons. Since I thought you could relate groups together with either a composition or a membership relation, and the composition relation caused permissions to be transitive but not membership, I figured we would create a group called "authorized-users-content" that would contain the groups Site Members, Administrative Staff, and Chairpersons. Then when we needed to see if a visiting user could see protected content we would see if he had the appropriate permissions via the authorized-users-content group. In addition sometimes we have people who need to see protected content but don't fit into any of the other three groups--then we would just add them as members to the authorized-users-content group.

So I think our modelling is still OK. I can't think of a reason why this would not work, unless we can't make one group a member of more than one other group.

Yes, I think it does work.  I created two groups, made one a component of the other, and added a user to the component group.  I then created a bboard, removed the inherited permissions and added permissions for the composite (first) group.  The user I added could post and read to the bboard.

Now I'm having trouble with the user admin pages, see my thread at

https://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0003zy&topic_id=11&topic=OpenACS