Re: [Openinteract-help] Serving a lot of sites within one OI system

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Barry Hoggard wrote:
> I'm reading the documents, but before I get too deep, I want to see if 
> OI is likely to work for the system I'm designing.  I've started hosting 
> web sites for artists, and they each have a CMS for dealing with works, 
> images, etc.
> 
> I want to create a system where I only have one set of handlers, but 
> which CSS, HTML, and database records presented depend on the hostname. 
>  That is -- all of the sites point to one IP, and we switch depending on 
> which one it is.
> 
> Does it seems reasonable to build such a system with OI?  I'm wondering 
> about the ability to let someone only edit "their" objects within the 
> editing system using OI and SPOPS security.

It should be possible with a little work. I haven't done this 
before, but to get technical I think you'll have to do the following:

In the vhost config:

  * only set the 'PerlRequire' to execute on *one* vhost config
  * set all the other perl-specific entries in all vhost configs:
     <Perl>use lib...
     PerlSetVar
     <Location />...
  * add something like 'PerlSetVar CmsGroupId 4' to each one, 
varying the group ID based on the different vhost
  * add something like 'PerlSetVar CmsThemeId 4' to each one, 
varying the group ID based on the different vhost

Elsewhere:

  * create a group for each CMS defined
  * create a subclass of OpenInteract::Auth which overrides 
'group' and fetches the group object based on the CmsGroupId for 
that vhost
  * create a theme for each CMS defined; you can vary only the 
theme properties you need
  * create a subclass of OpenInteract that overrides 
'setup_theme' and fetches the theme object based on the 
CmsThemeId for that vhost
  * create a security policy so that every object that is secured 
sets the CmsGroupId to at least read and that the 'world' 
permissions are set to 'none'

The last one (relating to object security) is the only difficult 
one, and to be honest I've never tried implementing a security 
policy like this. In theory it's not that difficult, but...

Hope this helps,

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.