General discussion

I'm curious how much work/how feasible it would be to extend Drupal to have a more flexible based group permissions system. I understand that you can setup "user roles" and assign a user a role, then define that roles permissions. However, this is very very limited.

I'd like to see a system where multiple groups can be created, each group has it's own permission settings. Then a user can be a member of multiple groups.

A new admin section might be needed, where the site admins assign a user to a group. Or, each group might be able to have it's own administrator, who has authority to add or delete users from their own group.

In addition, the main site admin could juggle users around into/out of various groups as they saw fit.

In addition, I'd like to see the group permissions extended where users could create a group. Then, the users could define what nodes or content or calendar/events, etc... can be accessed by the public at large, or by the user assigned groups.

This would be basically extending drupal more towards the PHProjekt style of user/group permissions. Instead of dwelling in the land of CMS, moving more into the land of CMS/GroupWare based systems. A lot of the basics to Drupal would lend itself well to expanding into GroupWare, just none of the controls exist to manage this.

Any thoughts? Basically, I want to use PHProjekt for my use, but it's too GroupWare oriented, and Drupal is too CMS and not enough GroupWare oriented.

We are currently working on a redesign of Drupal's administration pages; the goal is to improve usability for both novice and experienced Drupal users. Michael Angeles, a long time Drupal user/contributor, has been blogging about the redesign so make sure to check out his Drupal-related blog entries.

Bill Humphries wrote:

Frank Booseman would like blog tools to support walled garden posting. He's inspired when a friend would love to post photos from a party, but not to the whole world. Live Journal, which I've been playing with lately, supports this. It can, because it's a monolithic (on the server-side) application. I created a LJ account, and friends who were already there added me to their 'friends' list, and added them to mine. They post a private entry, and their friends see it, but not others.

Pete Prodoehl suggested to look at Drupal, to which Bill responded:

Drupal's a nice system, but it doesn't do what I really want: I'd like a system which does not require the user to set up an account. I'd like to get a token in the request that says "I'm Jane User, and here's my assertation that I'm Jane User", and since Jane User is my friend and her assertation could be verified (though a public directory, or because someone I trust has signed her key), she gains access to the friends and family-only materials on the server without signing in. And, the key piece is that this may be the first time she's been on the site.

Live Journal can do that because all the journals are part of the application, and I sign on once. Any LJ user can recognize me as their friend, and I get access to their friends-only materials.

The godsawful piece is the public key infrastructure.

Which reminds me of this blog entry where Paul Bausch describes how he experimented with PGP-signed comments and how he think it would be a good way to verify identities. The talented folks behind MovableType picked up the tread saying that it could possibly be used to build a web-based verification service with a trust web.

As online communities (incl. the weblog community) continue to grow, and as more and more websites become interactive, identity theft might become a big enough problem that we'll want to deal with it. An interesting challenge for 2003?.