Building a community style website

Author Message

Bung Rudi

Sunday 20 February 2005 11:54:57 am

hello,

what im trying to do is building a portal with many personalised features, i.e, users can have his own blog, etc. Has anyone achieve this with ezp?

my flowcart so far reads like this:
i use a custom module to register new users. along with every newly registered user, there will be a new folder created under 'var' folder (var folder inside ezpublish, which is merely a db entry, not the var folder on the filesystem) with the same name of the new user. var folder is a folder i created to hold every user's stuff, such as image entries, blog entries, etc.
after the folder created the script continued to impose a subtree limited role to the new user which makes him able to create stuff within his own folder (the one under 'var').

what i want to ask:
is this the right way to achieve what i want in ezp? is there a hook in module/view "/user/register" or "/user/confirm" that get called after a user finished registering? is it ok to have so many role assignment? (if i have 3000 user registered there will be 3000 subtree limited role assignments).

i badly need advices..

thanks

Gabriel Ambuehl

Sunday 20 February 2005 12:28:33 pm

I suppose right now it can't be done without a lot of subtree restricted rules.
You could, however, look into modifying the rule system to that it can also allow stuff based upon the owner of the parent object.

Visit http://triligon.org

Bung Rudi

Sunday 20 February 2005 12:50:57 pm

yes hacking into ezp sources is on my consideration too. but im trying as much as i can not to do that and use modules or availble hooks.

Gabriel Ambuehl

Sunday 20 February 2005 1:10:04 pm

Understandable (tho I did hack one of the base tables, when using enhancedobjectrelation) ;-).

But such a change in the kernel might have chances to get into the base distribution if you're ok with assigning copyright to eZ?

Visit http://triligon.org

Eivind Marienborg

Monday 21 February 2005 12:28:21 am

I have used the last eight months building and running a community website with eZ Publish. We currently have over 300 registered users, and from 1000-1600 visits pr day.

Each user has his/hers own blog, image gallery, personal profile with image, basic info about themself (adress, email, msn etc), and a list of groups in the community that they belong to. I've also set up a messaging system, allowing users to send messages to each other. There's also a forum, much like the one here on ez.no.

Setting it up wasn't really as hard as it seems like you're planning on doing it. First of all, I used the user object as the container for the child objects - So that all messages, blogs and images are created directly under the user object. This gets me out of the custom module you mention, to create separate folders and rights for each user.

All (logged in) users are in principal allowed to create blogs, images and messages under ParentClass( User ). They also have the right to edit their own user (user selfedit *). I do the actual create and edit control in templates:

Because each user create blog entries and images directly under their own user, and the template that fetches the blog entries and images is the template for displaying the user (I use view parameters to check which view to enable - normal profile, blog or image gallery), a simple can_edit is enough to see if the current user should be allowed to create blogs and images (the can_edit checks the "user selfedit").

So, if the can_edit test is passed, I use a section to display a "Create blog-entry"/"Create image" button.

We've had this system up and running since August, and have had no problems with it so far.

I hope this was understandable.. Feel free to ask if anything's unclear :)

Gabriel Ambuehl

Monday 21 February 2005 12:46:46 am

If I interprete you correctly, you did set ParentClass to User for those contentclasses, right? If so, that applies for any user and with handcrafted requests could allow users to post under other containers, no? Sure, they don't see the button there but nothing stops them from supplying them the data by hand.

Visit http://triligon.org

Eivind Marienborg

Monday 21 February 2005 1:16:18 am

That's correct. But seeing as the community I'm running is a closed one, there'd be no problem banning them from the site if they misbehave.

Bung Rudi

Monday 21 February 2005 3:50:47 pm

thats pretty clear thanks. using the class user for the container is a good idea. but i think i still need to resolve the permission problem noticed by gabriel.

Eivind Marienborg

Monday 21 February 2005 10:10:33 pm

Yeah, it's a very noticable security breach, so unless you can trust your users to keep their hands of, and don't have any good ways to exclude people from the community, I guess you have to. But, as I said, I've had it running since August without problems :)

Bjarte Lunde

Friday 20 May 2005 12:52:17 am

Can you please tell me some more details about how you made this?
Classes etc?

kracker (the)

Friday 20 May 2005 1:08:01 am

If I may be so bold, Eivind.

Would you consider packaging your eZ publish installation and database and making the whole thing available to the community.

I would personally be very interested in re branding / cutting out your specific information and redistributing a finely tuned community distribution with all the settings required in place to start with instead of starting with a stock eZ publish installation.

I know there are others who share this interest.

respectfully,
//kracker

<i>Counting Crows : Up all Night ?</i>

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Eivind Marienborg

Friday 20 May 2005 3:18:13 am

That might be an idea. There's not much to export though, I've made no changes to kernel or anything, only new classes and templates.

I don't have much time these days, as I'm approaching several deadlines.. But I'll look into it as soon as I can. In the meantime, do you have any docs or info on packaging the installation?

kracker (the)

Friday 20 May 2005 5:21:13 am

Eivind,

I am willing to do the work for everyone as I am eager to <i>make</i> the time...

If you simply dump your database into your ezpublish directory and archive all of it with these commands:

cd /path/to/ezpublish ;
mysqldump -u userName dataBaseName -p > ezpublishDataBaseDump.sql;
cd ..;
tar -zcf ezpublishCommunityExample.tar.gz  ezpublish;

Simply email the ezpublishCommunityExample.tar.gz archive to <i>/dev/null</i> , no matter the size, please send the whole archive.

I will gladly take the time to trim out any specific branding / content from your build, host the whole edited archive publicly. I'll also break out the actual components / editions into smaller packages and host those publicly.

I can even host a live demo of the revisions for you to review for your approval of it's release.

Respectfully,
//kracker

Sixtoo & Sole & Sage Francis: When <i>Freedom</i> Rings

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Xavier Dutoit

Friday 20 May 2005 5:26:05 am

Hi,

Have you tried using the package feature ? exporting the nodes is going to export the class definition too and * I think * the specific templates too.

X+

http://www.sydesy.com

Eivind Marienborg

Friday 20 May 2005 5:32:20 am

Our database contains sensitive and personal information on our 3000 members, so I can't do a complete dump, unfortunately. Any other approaches?

kracker (the)

Friday 20 May 2005 5:41:07 am

Hrm, I guess that becomes part of the contradiction.

You could dump the database, load it back into mysql under an new name and prune out these sensitive records rather quickly, thus removing this as a limitation to distribution. But then we are back to time ...

//kracker

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

kracker (the)

Friday 20 May 2005 11:22:07 am

Well,

I don't know if it will mean much of anything but I can't just give up without trying for the others who have already given up inside.

I myself am a systems developer who regularly turns his head away from 'noticing' others sensitive information?

I am well versed in ignoring / striping out sensitive information that I see in my day to day work in order to protect the client.

I doubt a solemn commitment, swear on my future (what ever it may be) in this community, my history in the community, that I could and very much would still like the opportunity to help you and everyone else asking for these kinds of solutions by cutting out the user details for you, with your review and approval (root access) to the entire reinstantiation of the code + the required edits of sensitive information without ever mentioning anything i might see while working with my head turned away as much as possible.

I'm sure the name, the sheer size of my posts, and more are good reasons at a distance to fear me, save this one thought that strikes me as i rise this afternoon....

I don't care about anything your trying to protect, I don't want what your trying to protect, I could care absolutely lesser than nothing.

I do care however for the community and I know I can handle the completion of the work for you, if the time it would take for you to commit to doing what is required to release.

An honestly, unless your storing credit card numbers in eZ publish (highly doubt it) you don't have anything worth being that paranoid about protecting, I don't want or care about what your using as an excuse not to contribute, your panicking over very little.

I'm a sysadmin, my day job is keeping quite about the client. When have you ever heard of me across the entire net dumping others secrets?

I think I've said just about what I woke up with (as dumb as my whole effort was here) ... I'll end with this ...

I can do what is needed, I swear that I would not redistribute anything without your in deep review of the released product + documentation. I swear that I would destroy all archives and copies at the end of the editing process.

We have had this conversation before, I remember it now, yet we have come back to this exact same point months later ...

<i>again....</i>
//kracker

<i>eminem : patiently waiting ...</i>

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Xavier Dutoit

Saturday 21 May 2005 8:20:46 am

Hi,

Let me reiterate: Have you tried using the package feature ? exporting the nodes is going to export the class definition too and * I think * the specific templates too.

I'd suggest to export just a user node (as a tree) with all the informations under it (the blog, the whatever feature. I'm quite sure you have at least one account that doesn't contain sensitive information (eg the one you use for the test).

Rudy could then import that get the structure and get the class definition. If I'm right, he even get the template, if not, Eivind could send them to Rudy.

Does it make sense ?

X+

X+

http://www.sydesy.com

Eivind Marienborg

Monday 23 May 2005 3:41:49 am

Export sounds like a possible sollution. How is that done?

And kracker, I'm sorry if I've been unclear. Refusing to give you the database isn't because of mistrust, but because it's a member registry for a youth organisation, including full names and adresses, birth dates and so on. So it's not about me trying to protect something, it's about me trying not to break the law. So even though I'm really interested in helping ez and the community, I'm not ready to go to prison for it.. ;)

Xavier Dutoit

Friday 27 May 2005 12:51:33 am

Hi,

Have a look at the GUI way:
http://www.ez.no/ez_publish/documentation/ez_publish_3_4/content_object_import_and_export

or the shell way:
http://www.ez.no/ez_publish/documentation/ez_publish_3_4/content_object_export_with_ezpm

Keep us informed...

X+

http://www.sydesy.com

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.