[Pbwebgui-development] Proposed WebGUI Groups

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hey Folks,

I'm going to be coding additional groups functionality for my installed 
version of webgui and I wanted to get your feedback and suggestions before 
beginning. If you have any additional requirements, it'll be easier to 
incorporate them into the "groups" design now rather than later. Please let 
me know of your particular requirements (this includes you JT =), I'll 
include them in my design and submit them to webgui.

Thus far my groups strategy has several parts to it. In fact the viewing 
privileges are fourfold. All of these options will be able to be configured 
using any or all of the below options.

For viewing:
1. IP based restrictions (wildcarded IP addresses. you'll be able to 
provide the first two octets and restrict access to everyone outside of 
that domain. Similar to .htaccess file)

2. Checking against our internal people management software. As an example, 
I would be able to limit access to only people in the accounting 
department, who work second shift, and have a last name that begin with P. 
For webgui (plainblack) this may fit in nicely with the proposed "rolodex" 
application.

3. Extended webgui groups of groups. Essentially, in a nutshell, each 
'major' group will have a group owner(s) that will be able to control all 
aspects of their group to include: group membership, 'minor' group 
creation, and the minor group privileges for their set of editable groups. 
These groups will place the responsibility of group management on the end 
user ('major' group owner(s)) instead of the administrators. I'm still 
working out exactly how I want this to work, but you can think of it as 
webgui groups of groups "on steroids".

4. Exclusion group. This group can never see, edit or delete any 
information once they are placed in an exclusion group and that group is 
excluded from a page. At work we have information that is company private, 
that can not be seen by sub-contractors working on our network, even if 
they are in the default "admin" group. I need a way to limit access to a 
specific group, no matter their default webgui privileges. Once again, I'm 
still working on this functionality and looking for input and advice.

For editing/deleting/creating:
The permissions associated to a page probably won't change a whole bunch, 
however I am looking for more extended functionality with editing and 
deleting information. This may just use the same combinations as the 
proposed viewing privileges, only for editing though.

I'm looking for suggestions, input, advice on what I've come up with and 
the impact this would have on webgui. Also, if you have additional 
requirements please let me know so I can include them in my development 
brainstorming sessions. I would like to keep this 'pluggable' so we can 
extend these privileges into other third party software (i.e. PeopleSoft)

Thanks,
Bryan