[opencms-dev] Three stage publishing

[Alfonso de Gea García]

Such a configuration is more simple.

It's a matter of permissions and you have to create two groups and make use
of the webusers (Guests group).

Let me explain this issue in a single server scenario:

With the Users group establish the following permissions from the root of
your web (or from the default folder on sites/default to apply it to all of
the sites).

Users Group ->
* Allowed colum: mark the read, overwrite inherit, inherit on subfolders
(left blank the others)
* Denied colum: left blank all (make sure of this, to enable future addings
joining users to others groups). 

Create two new groups: BeforePublish and Intranet.
Both of this new groups inherit from the Users group (parent group), so they
have already read permissions (+r) on your site.

>From this point you have no notice that all your web users (not the
workplace users) have to be of 'webusers' type (members of the Guests
group).

	The public users are ever members of the 'Guests' group.

	The webusers who access to the intranet pages have to be members of
the 'Intranet' group.

	The webusers who access to the restricted sections before definitive
publication (note that you have to publish anyway your contents) have 	to
be members of the 'BeforePublish' group.

Permissions:

1) If you have public pages: do nothing (the Guests group can view them).

2) If you have intranet pages:
Guests group-> mark 'inherit on subfolders', 'overwrite inherit' and left
blank the others (the public users are not able to view this pages).
Intranet group-> mark 'inherit', 'overwrite', 'view', left blank the others.

3) If you have pages that are not public ones yet:
Guests group-> mark 'inherit on subfolders', 'overwrite inherit' and left
blank the others (the public users are not able to view this pages).
Intranet group-> mark 'inherit on subfolders', 'overwrite inherit' and left
blank the others (the intranet users are not able to view this pages).
BeforePublish group -> mark 'inherit', 'overwrite', 'read', 'view' and left
blank the others. This is the only webusers group who has access to this
(actually published) contents.

Finally, to definitive publication of this pages change the permissions from
3) to 1) or 2).

Another issues:
The users who access to the workplace do not have read, publish, etc,
permissions, so you have to manage others groups to make your own
permissions schema (groups for users and project managers). The
Administrators group still have full access.

To securize your system folder maybe you have to consider to make the
following modifications:
Users: read and view (overwrite and inherit)
Guests: only read (overwrite and inherit) 
The read permission is neccesary to access to the module resources.

I hope this helps.
With kind regards, Alfonso De Gea García.


-----Mensaje original-----
De: Christoph P. Kukulies [mailto:kuku at physik.rwth-aachen.de] 
Enviado el: jueves, 12 de abril de 2007 12:03
Para: opencms-dev at opencms.org
Asunto: [opencms-dev] Three stage publishing

I'm seeking for a way to accomplish a three stage way of publishing.
Imagine a company with an OpenCMS server that serves the outside
representation to the Internet and also has an Intranet in which 
the staff is developing pages. Some portion of the staff (administrative
people who are not envolved editing pages in OpenCMS ) would have the
need to look over the pages and then the final publishing would be made.

Is such a configuration feasible (and possible with one OpenCMS server)?
Currently I'm using two servers for this purpose. Unfortunately the
servers drift apart, for one in their OpenCMS release state, secondly,
because not always all content is published and there is a great danger
of extra work arising from these circumstances.


--
Chris Christoph P. U. Kukulies kukulies (at) rwth-aachen.de