Forum OpenACS Q&A: What (really) is subsite-awareness?
For example, the "Directory" package claims awareness and, the best I can tell with a quick scan, in this context it really means that the package plays nicely with the groups (actually application groups) system. Aother example would be "Photo Album" (Jeff's version) where awareness means allowing access only to content associated with a particular subsite.
So, I'm thinking that subsite-awareness is:
a) being aware of and using subsite application groups and the permissions applied to objects through association with these groups, and
b) associating each object with the package_id of a particular subsite so that "select"s return the subset of objects having this association. I found context_id and said "woohoo, can I just set and select objects based on this value?", and then I read Dave's comments that say "don't do that!", so I'm not sure how to go about this aspect of awareness.
I would like to understand the components, tools, and procedures required to make an application subsite-aware. Would anyone care to break this down into a step-by-step process or set of guidleines so that I and others can understand and apply the principles in order to make our applications play nicely now and in the future? If not, I'll still read any comments that anyone would like to add.
Actually a package generally should not store data based on the subsite package_id, but the package_id of the package instance. That is, a package instance should only "see" it's own data. When this happens subsite awareness, as it is called, is achieved. This also helps in non-subsite applications as well. So one instance of news or forums should not display data from another instance. In the data model this means adding a package_id column to the object_type specific table and storing the package_id of the package instance an object is created in.
Maybe this should be added to Joel's newpackage tutorial. I did use his tutorial as a basis to begin building my package.
Now, I would like to address the permissions aspect. As it stands now, there is a single explicit 'admin' right granted to the object's creator in the __new pgsql procedure. What I would like to do is expand on this by creating groups associated with a package instance, and use those groups to grant general rights such as read, modify, create, delete, and possibly change-ownership. I would like to learn how to this programatically.
Can anyone briefly describe the steps necessary to add this functionality?
You are looking at the concept of an application group. An application group is tied to a package_id.
Check out the tcl api https://openacs.org/api-doc/proc-view?proc=application%5fgroup%3a%3anew
I am not sure why the application group procs are private.
which will return the group_id given a package_id.
Using this you should be able to create a group and grant permissions. Also use the tcl api for permissions. https://openacs.org/api-doc/procs-file-view?version_id=43373&path=packages/acs-tcl/tcl/acs-permissions-procs.tcl
One more thing :) If you are using OpenACS 4.6.2 or higher, look into the apm package callbacks. You can attach the group creation and permission granting to a callback that is automatically run when a package instance is created.