Forum OpenACS Development: Relationships, Relationsegments, Groups, Subsites

The group management (in acs-subsite) seems not to work properly...
Never mind that, I would like to build my own interface, but I do not understand the relationships and relationsegements data model fully.

Does anybody know, where to get detailed information about the relationship/relationsegment data model? I expect to have to dig into the code like a mad mole anyway, but I would like to keep digging to a minimum... 😉

Collapse
Posted by Caroline Meeks on
https://openacs.org/doc/openacs-4/groups-design.html
https://openacs.org/doc/openacs-4/permissions.html
https://openacs.org/doc/openacs-4/parties.html
https://openacs.org/doc/openacs-4/permissions-tediously-explained.html

These are some links that may help.

I also need to rewrite the acs-subsite group and user management pages for a personal/volunteer site I'm working on so I'd be very interested in seeing what you and others have done.

I think the acs-subsite admin pages out of the box have very confusing UI.  For instance, the simple and common task of adding a new user to a subsite takes 8 clicks, often with obscure choices.

It would be interesting to collect all the customizations people have done, and try to distill the commonalities.

Collapse
Posted by Dave Bauer on
Thomas,

You insticts are correct. The data model scripts have some useful comments that can help in understanding it all.

Collapse
Posted by Hazi Gharagozlou on
Caroline,

Don and I discussed group management in Copenhagen, and I volunteered to write the UI. I think we should start with something simple that answers most of need of an organization (Organization-Departments-Groups within departments, and cross relationships such as all admins, or all managers). I can start doing this work by end of this week, we can coordinate this together.

I have just finished the UI of the users screen and Don and Lars have seen it and seems to work. As soon as I finish further testing, I will upload it to file-storage for the benefit of all. Don will the decide release date.

Collapse
Posted by Don Baccus on
Hazi, Lars and I are talking about new group management pages.  At first these will supplant rather than supercede the existing pages because we'll support a simple "group-role" model in the new admin UI pages because that fits the needs of most people.  This is very much like what's done in .LRN.

I'd be interested in what Thomas thinks "doesn't work properly" in 4.6.2.  If there's a real bug (server error, etc)  please let us know ASAP as we're going to be pushing out a 4.6.3 release shortly.  If you think functionality's missing, could you describe what it is you want to do?  I may be able to tell you how to do it using the current admin UI, and we may be able to figure out how to incorporate it into the new, streamlined admin UI Hazi, Lars and I envision.

We're going to be working on the HEAD branch because 4.6.3 is coming out shortly and is a bug-fix only release.  Depending on the pace of progress of the HEAD branch (which we've decided to call 5.0) we'll release a 4.6.4 in a month or so, and *may* backport some of this stuff if there are people willing to help out and especially test it.

Collapse
Posted by Don Baccus on
Let me rephrase the above ... we've been thinking about providing simple group-role style admin pages because *we* think that's sufficient for the majority of sites (eventually we'll want to expose the extra capabilities of the system with  other user-friendly admin UI but for now, if we can get the more common needs built with a user-friendly admin UI we can live with the ugly existing UI for the complex and rare cases.)

Anyway ... my point is that if folks think that a group-role style admin UI is wrong or seriously insufficient this would be a very good time to speak up and make suggestions.

Collapse
Posted by Randy Ferrer on

I gave the group, rels admin a pretty good workout recently and everything was working for me other than the /acs-admin/users search form which is documented here near the bottom. So I'm very interested to find out what exactly is not functioning.

The UI is rather difficult to work with and the group-role style admin UI that Don and Lars are proposing would be a big improvement. I am going to need to set-up a fairly involved groups hierarchy soon to enable permissioning to specific parts (of what will evolve into a rather complex web site) for some individuals and not for others. I am not looking forward to dealing with the current UI. I recently checked out dotLrn for the first time and the approach taken there is very nice.

Collapse
Posted by Thomas Taylor on
To add a user to a group via the standard UI you sooner or later get to /admin/relations/add?group_id=1234&rel_type=membership_rel&party_id=2345

In most cases this works pretty fine and a new relationship is done. However, in some cases this does not work. Then the site will report an error like this:

'We had a problem processing your entry:

The party either does not exist or does not belong to this subsite.
Please back up using your browser, correct it, and
resubmit your entry.

Thank you.'

This happens with all users, that also do not get listed
on /admin/relations/add?group_id=3288&rel_type=membership_rel

Why certain users do not get listed here, I do not understand, since by the time I created those users via Login/Register only one subsite existed. The users I tried were all approved.

However, adding users to groups works ALWAYS, if you use direct PLSQL function SELECT membership_rel__new(:group_id, :party_id)

Hmm... seems I'm still a long way from understanding this part of the system.

Collapse
Posted by David Cotter on
I don't know much about groups/subsite etc not having looked at the code at all but I think it would be useful to distinguish users from each other based in what sub-site they registered from (if this is not already possible).
For the record I am providing the transcript of emails between Don and myself

***********
Hazi wrote:

Do you have any ideas how we want to approach this. I don't really understand how roles are defined (side one/side two!!!)

My approach is to take a simple scenario and try to build any easy way to implement it. Please let me know if this is acceptable, and if you have a different scenario, let me know.

In an organization all staff are members of registered users.
Registered users are then divided up in departments
Departments have a variety of groups (managers, staff, admin, etc.)
There should also be groups that go across departments (All managers, all admins)

Roles are defined and each group are is assigned a role. (Don's help)

If you have time can you give me an outline the most efficient way of creating the above scenario. Have I missed on something important?

*************
Don Responded

<blockquote> Do you have any ideas how we want to approach this. I don't
really understand how roles are defined (side one/side two!!!)
</blockquote>

Roles should be defined using relational segments.  My notion was that for
each subsite, we'd create an "admin" relseg along with the "member" relseg we
now create in the post-instantiation proc called by the APM.

If you've not explored relational segments, you should start reading dotLRN
and feel free to ask me questions as you do.  It helps if you realize that
"relational segments" are, in effect, "subgroups".

dotLRN's approach to this isn't bad, i.e. add someone to the subsite as a
member, an admin, etc.  In dotLRN you can only have one role in a community,
is this what we want in general ?  I'm not sure.  We may want to provide
for some flexibility.

<blockquote> In an organization all staff are members of registered users.
</blockquote>

As of 4.6, for the main subsite the membership group *is* registered users.
To be a member of a sub-subsite you must be a member of the parent subsite.
Every subsite has a membership group defined (other than the main subsite
which, again, just uses registered users.)  Every subsite also has a member
relational segment.

This is where things get a bit confusing:

To check if someone belongs to the subsite, you need to check to see if they
belong to the subsite group.  If you want to see if they belong but in a
particular role (only a member but not an admin, for instance) you need to
check the relevant relational segment.

It's less confusing in dotLRN as there is no relsegment (roll) called
"member", the least privileged community member in a class is called
"student".  Maybe our member relseg should be called something like "ordinary
member" or the like to reduce confusion?

Anyway ... relsegs are implemented using acs rels but all the "side one/side
two" stuff's hidden from you.  There's Tcl API to deal with relsegs and
groups and it's quite complete.

<blockquote> Registered users are then divided up in departments
Departments have a variety of groups (managers, staff, admin,
etc.)
</blockquote>

Each department would be represented by a group and possibly implemented by
giving each its own subsite (in .WRK at the moment .LRN communites are used,
in essence our goal is to eventually move subsite to where it has .LRN
community-like capability but without the rigid predefined structure of a
.LRN community.)

You'd then have the relational segments (subgroups) "managers, staff, admin"
and you'd add members to those relsegments.

<blockquote> There should also be groups that go across departments (All
managers, all admins)
</blockquote>

There are two approaches possible:

1. the ".LRN approach" - define global groups and relational segments for each
role and put users into those as you add them to the system.  In practice in
.LRN these roles are meaningless - you can add a "professor" to the system
who is later a "student" in a group - and that's the way it should be.

2. don't represent them in the datamodel directly at all, but synthesize them
with appropriate views that sweep up all managers etc.  This is perhaps more
flexible and should be efficient as all groups and all relsegs are mapped to
the acs-rels table, i.e. they're all mapped to one big flat table that's
indexed several ways.

I'd start, at least, with #2 as you can create additional views as you think
of new functionality you want to support, without having to physically modify
data in the system.

**********
Hazi wrote

Just to make sure that I understand what you want is with the creation of a sub-site(site-map sub-folder) an "admin" relseg and a "member" relseg gets created. We would then add a link from site-map to a page to manage those relsegs.

*************
Don responded

The member relseg is already created.  I think it makes sense to create an
admin relseg then assign the "admin" priv to that relseg automatically (but
no members.)  Of course anyone who can admin the parent site can admin the
child subsite automatically so this new relseg is for adding child subsite
admins who can't admin the parent or sibling sites.

I think the link would be added to the current admin page, replacing the
current "group" management link.  We'd keep the old admin pages around but
would perhaps name the link "advanced group/relseg management" or some
similarly scary name that would warn off those who don't know how the
datamodel works.  That's the problem with the current UI - it exposes the
datamodel so you need to understand the underlying SQL to understand the UI,
which is *wrong* since admins shouldn't need to be programmers.

Collapse
Posted by Dave Bauer on
I found a couple of inconveniences in the relation segment tcl API and I started to improve it. I'll dig up the code and make it available for review to be included.
Collapse
Posted by Don Baccus on
David Cotter: the current model doesn't support what you envision. though perhaps we should make it do so.  Currently, when you register you're always added as a "registered user", which is synonymous with being a member of the "main subsite membership group".  You have to be added to a given subsite later.

Dave Bauer: sure, let's see those improvements and try to fold them into 5.0.  Since you've not bugged me about groups and relsegs lately I assume you got everything working correctly for your project?

Collapse
Posted by Dave Bauer on
Don,

Most everything is working.

I have one question, which will probably help everyone:

Is it true that to be managed through the /admin/ pages, groups need to be components of the acs-subsite application group?

For 4.6.2 and up the Main Site subsite application group is Registered Users.