Forum OpenACS Development: Groups / Permission Question (OpenACS 4.5)

1: Groups / Permission Question (OpenACS 4.5)

Posted by Vincent Gulinao on 02/03/03 09:03 AM

I've read the docs over and over for weeks now but i still can't understand how the permission system is done, so i think it's time for this post. Sorry guys 😟.

This is what i need to do ...

i have 4 packages, say P1, P2, P3 and P4.

First i need to turn-off the auto-registration feature (so no user exept the administrator could initially login the system), then create the following groups (4 groups, let's call it A, B, C, D), that satisfies the following purposes:

1. group A
- is admin (r,w,c,d) to all 4 packages.
- creates members for group B in package P1.
2. group B
- is admin to package P2 only, for his own records only.
3. group C
- creates members for group D in package P3
4. group D
- the public, (no defined privilege yet)

please help ... i need it badly 😟.

Thanks in advance.

2: Re: Groups / Permission Question (OpenACS 4.5) (response to 1)

Posted by Peter Marklund on 02/03/03 10:57 AM

Vincent,
you create groups A, B, and C using the groups admin UI. Group D you don't need to create, it is already predefined in the system, you have both "the_public", and "registered_users" to choose from (retrive the group id:s with Tcl proc acs_magic_object).

Grant admin on a package by clicking on the "set permissions" link for the package in the site-map admin UI (/admin/site-map) and granting the admin privilege to the appropriate group.

You must be site-wide admin to let self-registered users into the system or create new users. One approach to the member feature is to build your own admin UI in your package. Each package needs to have a member group and you could create an admin_members privilege that you would grant to the groups that are supposed to be able to add members to a package.

Remember that you can also nest groups. For example the member group for a package could have a sub group for admins. That way if a user is in the admin group of a package he is automatically also in the member group.

Hope this helps you along.

/Peter

3: Re: Groups / Permission Question (OpenACS 4.5) (response to 2)

Posted by Vincent Gulinao on 02/03/03 12:59 PM

thanks man.

i'll find my way to create these groups i need as u suggested though for now the UI for adding group in my installation seems not working properly, maybe it's a known bug i haven't discover yet, or i just did something stupid again 😊 ... though it's another issue i need to figure out.

what i also need is to toggle off that self-registration feature. i need my site be accessible _only_ to a set of pre-created users, i.e., users have to be added first directly by an allowed group of users before anyone can actually logon to the system, using possibly a separate UI included in one of my packages or another instance of the default registration.

once i be able to create these groups, what i really need is to define which of these groups have access privileges to certain _packages_. say group A to package p1, group b to package p2 and so on, and to find out how to add members of a group within one of my package.

Thanks.

4: Re: Groups / Permission Question (OpenACS 4.5) (response to 1)

Posted by Mark Aufflick on 02/04/03 04:58 AM

one way you can prevent people just registering themselves is to set the RegistrationRequiresApprovalP flag to 1. This will have the effect that, although people will be able to complete the registration forms, their users will not be activated without an administrator specifically doing that.

You set this flag by going to /admin/sitemap and clicking "set parameters" next to "Main Site" (near the bottom). Then click the "user-login" section link and look for the RegistrationRequiresApprovalP parameter.

If you really want, you can cosmetically remove the ability for someone to get to the registration pages by hacking the login pages in the acs-subsite package (off the top of my head i think everything you would need to change would be in packages/www/register)