Lennart Regebro <[EMAIL PROTECTED]> wrote: > With workgroups you create ten workgroups. Within each workgrup you assign > users to their respective roles. You then add the workgroups to the correct > places in the hierarchy. It also opens for the possibility to assign > workgroup managers that can create users and add them to their groups > without having any other manager rights (although this could be added later > to make it easier to implement).
Okay now I understand. It's indeed another form of indirect management of local roles. In getRolesInContext you'd have to have examine __ac_local_workgroups__, containing the list of workgroup ids, and to know what user->role mapping a workgroup has you'd have to consult the place where the workgroup definitions are stored, probably the acl_user of the user we're currently looking at. Then it's simply :-) a matter of user interface. There's also the question of what permissions are needed to modify a workgroup of course. Does this match what you want ? Looks quite feasible to me, and I think it can be done pretty independantly of the user groups I propose. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:[EMAIL PROTECTED] _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )