Re: [Tikiwiki-devel] workspaces - need some light

[Giancarlo P. <gia...@ya...>]

> Dear Giancarlo,
....
> One thing is clear: profiles (profiles.tikiwiki.org) are going to play
> an important role in the new scenario. We talked about a new term,
> coined perspectives .

I'm goint to take a look at it. Unfortunately I'm always on a very slow 
connection..

> We ask you (and all the community, of course ;D ) to join us to a new
> experimental branch to work in this (
> http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/experimental/w
>orkspaces/ ) . It's better to work in the same direction. What do you think?

Always because of my narrow band... you mean one can checkout/commit 
only 'workspaces' without the whole tikiwiki?
>
> Now I go into you mail.
>
....

> > - the role of RolePerms-xxx  and ROLEGRPxxx groups:

I understand this is a tiki-wide perms group. All 'teacher' roles will have 
these group permissions, except of course for objects that have  individual 
object permissons applied to them (eg workspace resources)

> I think you are right when you say that RolePerms-xxx group serves only
> as an isolated template.

At first they look like tiki-wide  permission groups, but in reality every 
perm in the RolePerms.xxx group gets converted into an  *object permission* 
for  each  related resource (object) of any workspace type which has that role 
in its workspace_type_roles. 
(mmmh...  maybe one can explain this better...)
These are not group perms, but a template for assigning object perms to 
workspace resources.
So definetely they don't have to be included in any other group.
I evinced this from 
lib/workspaces/workspacelib.php   function assign_permissions
(the magic is mostly there)

> > - workspaces and categories:
> >   This is another dark area for me. By activating categories feature I
> >   noticed that workspaces use a category for every workspace.
> >   What about if we want to categorize items in workspaces, eg. give
> >  'Teacher' the capability to assign extra categories to a wiki page in
> >   his, but only in his, workspace?  As OFIMA01 ws and all its resources
> >   belong to the same OFIMA01 category, can we obtain that?
>
> I don't understand exactly what you mean here. 
> Could you expand on the 
> issues you mentioned above?

There are 4 category-related perms: 
  tiki_p_admin_categories    Can admin categories (eg create a new categ)
  tiki_p_view_categories       Can view categories
  tiki_p_view_categorized     Can view categorized items
  tiki_p_edit_categorized     Can edit items in categories ( can edit any 
categorized object + can assign categories to any categorized object?)

Every workspace is also a category.
Resources (objects) of a workspace are categorized objects of their 
workspace's category

If you activate feature_categories, and browse though them, you find your 
workspace, and you can assign category-related perms to it.
That is you can assign object perms 
'tiki_edit_categorized' and 'tiki_p_admin_categories' to an object of 
type 'category', like your workspace is. This is something you can't normally 
do by managing workspaces or workspace resources.
What does this means? What are the perms  'teacher' needs to be able to 
categorize eg: a wiki page in his workspace?

As of now it seems that:

* if 'teacher' has  'tiki_p_edit_categorized' as group perms (he can edit
  *any* categorized object), 
   AND   the WSOFIMA01 course, as a category, has no individual permissions 
  (as seen from tiki-categpermissions.php?categId=) 
  AND  teacher has tiki_p_edit perms on 'WSOFIMA01 - Home Page' of the
  workgroup 
  AND teacher *has not 'tiki_p_edit'* group perms:
           
-  he can edit and add/remove categories from 'WSOFIMA01 Home Page'
-  he can edit  (this is something I wouldn't want) and add/remove categories
   from *any* categorized wiki page that  has no individual object perms
   assigned

* if WSOFIMA01 as an object of type category (through
   tiki_categpermissions.php) has  assigned individual 
  'tiki_p_edit_categorized' perms to 'WSOFIMA01-Teacher' group  
  AND teacher has tiki_p_edit perms on 'WSOFIMA01 - Home Page' 
  of the workgroup 
  AND teacher has not   'tiki_p_edit_categorized' as group perms 

- 'teacher' can edit 'WSOFIMA01 - Home Page' but he has only one choice
   category he can assign to it: WSOFIMA01
- 'teacher' cannot edit/remove/assign category to any other categorized
   page out of WSOFIMA01

So none of these settings allows to obtain that 'teacher' can categorize only 
his workspace objects to any category.

Hope it was more clear.

Giancarlo