[SGVLUG] Plone

[Dustin]

On Wed, 20 Jul 2005, Rich Pinder wrote:

> Again... you probably had traversed up into the ZMI,

No, but close enough--I had explicitly gone there by going to
localhost:9673/ and clicked the link (which goes to /manage, I think)
rather than to localhost:9673/plone.  Since I had to go there to create 
the Plone instance in the first place, I think of it being independent of 
Plone and didn't really think of using the Plone link (though I see it 
there).

> ...and you probably have
> the default setup where the 'admin' user for Zope is 'inherited' down into
> the Plone instance....

You can bet money that I have the default setup for anything Debian didn't 
change. :-)  I'm looking for "minimal working site" here, not cool 
configuration.

> ...so at that point you were using the ZMI 'http AUTH'
> method to authenticate (not cookies thats used in Plone).  But then you
> went BACK into the Plone instance, and tried to log out there.

That is exactly what happened--I would have still been logged into the ZMI 
in another tab since I had just created the Plone instance.  Generally I 
keep a tab for each so it is easy to move around.

> down and select  LOGOUT - you'll immediately be presented with another Zope
> log in dialog box

Looks like an Apache dialog to me. :-)

> ...- hit CANCEL here, and you'll then see 'logged out'.  If
> you then go to the url of your plone site    
> 127.0.0.1:8080/<PloneSite>     you'll see that you're not logged in.

Yes, I tested all that when I responded to your other mail.  It seems to 
work fine now that I understand there are two different authentication 
systems happening at once, and thanks to the inherited account they are 
not independent.

OK, now that I've attempted to create an admin group and add myself to it, 
I see the security model is still different than it appears.  It looks 
like I should create a group, say "admin", and then click on the roles 
that it's members should have, from the available list "Member, Reviewer, 
Manager, Owner."  However, if I do this I get an error each time I try to 
add a role to the group.

The error message for adding (say) the Member role to the admin group 
looked very much like it failed to find a *group* named "Member", so I 
created a Member group.  After doing this, I could click on the "member" 
checkbox in the line for the 'admin' group and successfully click on 
'apply changes.'

So it appears that I need an existing group for each available role, and
then probably I can create groups that aggregate these roles together into
custom groups.  Is that the case?  If so, then why aren't the Member, 
Reviewer, Manager, and Owner groups created automagically when I create 
the site?

Also, do these groups nest or not?  In other words, does a manager or 
owner automatically have the abilities of a member or reviewer?

Yes, I know that the on-line docs probably contain this information, and I
really do plan to spend more time with them, but I'm asking anyway partly
out of sheer laziness: I'm installing enough CMSes one after the other
that I'll happily take any shortcuts anyone is willing to give me.

In other words, sometimes I have to be convinced first that the candidate
is good enough to be worth reading more docs.  Typo3 didn't make that cut,
for example, partly because the install was so dreadfully long and partly
for the very shallow reason that the docs and default appearance were so
insane (I wish I'd just used the Typo3 stub site rather than the default,
it probably wasn't puke green everywhere).

I noticed that Typo3 got high marks in some reviews, but only ones written
by Scandinavians.  I took that as an indicator of the quality of
English-language support, rightly or wrongly. :-)

One nice feature of Plone that I didn't see in the other CMSes: each user
can choose their preferred text size.

Dustin