GRUF - GroupUserFolder

GroupUserFolder is a kind of user folder that provides a special kind of user management. Some users are "flagged" as GROUP and then normal users will be able to belong to one or serveral groups.

Group and "normal" User management is distinct. Here's a typical GroupUserFolder hierarchy::

     - acl_users (GroupUserFolder)
     |
     |-- Users (GroupUserFolder-related class)
     | |
     | |-- acl_users (UserFolder or derived class)
     |
     |-- Groups (GroupUserFolder-related class)
     | |
     | |-- acl_users (UserFolder or derived class)
     . .
     . .
     . .
              

So, INSIDE the GroupUserFolder (or GRUF), there are 2 acl_users :

• The one in the 'Users' object manages real users
• The one in the 'Groups' object manages groups

The two acl_users are completely independants. They can even be of different kinds.
For example, a Zope UserFolder for Groups management and an LDAPUserFolder for Users management.

Inside the "Users" acl_users, groups are seen as ROLES (that's what we call "groles") so that roles can be assigned to users using the same storage as regular users. Groups are prefixed by "group_" so that they could be easily recognized within roles.

Then, on the top GroupUserFolder, groups and roles both are seen as users, and users have their normal behaviour (ie. "groles" are not shown), except that users affected to one or several groups have their roles extended with the roles affected to the groups they belong to.

Just for information : one user can belong to zero, one or more groups. One group can have zero, one or more users affected.

• CMF ? Yes.
• Plone ? Yes. There are even additional forms and tools for Zope to gain full benefit of group information. But these are completely optional and Plone can work without. GRUF will be integrated to Plone 1.1
• Zope standalone ? Yes (Zope >= 2.5) and it's a major requirement for us. GRUF will always work with existing Zope 2.x (> 2.5), without the need to add, patch, modify or do anything to make it work.
• My existing Zope application ? Yes, provided you do not use non-official security functions. GRUF is completely transparent.
• LDAPUserFolder ? Yes, with groups beeing stored in LDAP database or not.
• SimpleUserFolder ? Yes.
• My coffee machine ? Not yet, but we're actively working on it !

Here comes a few screenshots of GRUF administration interface.

The way GRUF shows-up in the ZMI

The way GRUF shows-up in the ZMI (continued)
You can see the two regular User Folder objects within GRUF's Groups and Users containers.
Those user folder can be replaced by any Zope security API-compying User Folder. Wow !

A users, groups and roles overview

The groups management interface

The users management interface

A security audit results page

• Can I nest some GRUFs ?

Maybe... but what for ?
• Can I use GRUF outside Plone ?
  Yes, yes, yes, yes and yes.
• Is GRUF stable ?
  It's used in a production environment for several major websites. Furthermore, it's qualified to be included in Plone 1.1. It's considered reliable enough !
• Is GRUF maintained ?
  Yes, it is, actively. Features (especially regarding useablility) are often added to GRUF. Official releases are considered very stable.
• Can I help ?
  Yes, for sure !
  GRUF is an Open-Source project and we, at Ingeniweb, are always happy to help people getting involved with our products. Just contact us to submit your ideas, patches or insults ! :-)