Forum OpenACS Q&A: Composite/Component/Membership group setup

Greetings,

This is probably an example of the current deficiency in the groups
admin pages, but I thought I would ask here in case there was some
way to do it.

I can't figure out how to make one group a member of another group
such that all the members of the first group are automatically
members of the second group.  On the group admin pages there are
two "permissable [sic] relationship types", Components and Members.
If I click Add Component I can select another group, but according to
the OpenACS documentation this does not make the members of the first
group members of the second group because this is
a "composite/component" relation.

Under the Membership relation if I click Add Member, it tells me
there is no other person that can be added to this group in the
subsite, and gives me an option to search the system or add a new
user.  So that doesn't appear to be the way since it doesn't talk
about groups at all.

I can create a relational segment (the admin screen said "create a
segment representing all members of this group") in Members, but then
I can't figure out what to do with it.

Help?  Thanks!

Collapse
Posted by Tilmann Singer on
To my understanding there are those two basic type of relationships: composition and membership.

Persons and their subtype users can be related to groups only via the membership relationship, e.g. one user can be a member of one group.

According to /doc/permissions.html I thought that on the other hand, groups can be related to each other either via membership or via composition relationship. In the latter case the parent group would inherit all the members from the child group so that they appear as members of the parent as well, in the first case they would not be inherited.

But at the groups admin pages it seems that one group can only be related to another group via the composition relationship, because when I select "Add a member" it does not offer me groups. Don't know why, maybe an oddity of the groups admin pages. (Actually I find it hard to imagine a scenario where one would want a group to be a member of another group).

But what you want anyway is to make one group a _component_ (=composition relationship) of another group.

The members of the contained group will appear as members of the container group - but again not in the groups admin pages - I think those will only display direct members. Look at the view group_element_index for example, which will list you all members. Or try the following: Make group B a component of group A, and user X a user profile (member) of group B. Now grant a certain privilege to group A and check if user X inherits the privilege.

Collapse
Posted by Stephen . on
C.R., you are asking for group membership inheritence to flow from parent to child -- any member of a parent group automatically becomes a member of any component sub-group -- which is opposite to how the groups system currently works.

What are you trying to model? There is probably a differnt way to do it.

Collapse
Posted by C. R. Oldham on
C.R., you are asking for group membership inheritence to flow from parent to child -- any member of a parent group automatically becomes a member of any component sub-group -- which is opposite to how the groups system currently works.

I guess I'm really confused then. I read the docs over again this morning and I think I've been laboring under the misconception that you could have both a group with a sub-group as a component and a group with a group as a member.

What are you trying to model? There is probably a differnt way to do it.

Well, what we were trying to do was come up with a way that we could easily restrict sections of our website to collections of people without having to exhaustively list all the groups that should have access.

For example, say we have the following groups: Site Members, Administrative Staff, Chairpersons. Since I thought you could relate groups together with either a composition or a membership relation, and the composition relation caused permissions to be transitive but not membership, I figured we would create a group called "authorized-users-content" that would contain the groups Site Members, Administrative Staff, and Chairpersons. Then when we needed to see if a visiting user could see protected content we would see if he had the appropriate permissions via the authorized-users-content group. In addition sometimes we have people who need to see protected content but don't fit into any of the other three groups--then we would just add them as members to the authorized-users-content group.

So I think our modelling is still OK. I can't think of a reason why this would not work, unless we can't make one group a member of more than one other group.

Collapse
Posted by Stephen . on
I think I missunderstood what your 'first group' and 'second group' refered to in your first posting.  Tilman is right, the group pages are lying to you about who is a member of your groups. It looks like you had it set-up correctly, try assigning permissions and see if it works.
Collapse
Posted by C. R. Oldham on
Yes, I think it does work.  I created two groups, made one a component of the other, and added a user to the component group.  I then created a bboard, removed the inherited permissions and added permissions for the composite (first) group.  The user I added could post and read to the bboard.

Now I'm having trouble with the user admin pages, see my thread at

https://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0003zy&topic_id=11&topic=OpenACS

Collapse
Posted by Denis Barut on
I had the same problem, and i just add a segment in the member_relationship of the container group (with no constraint) and then when i go to the segment, then i can see the "number of Members" of the container and the contained goup.