[Plone-NGOs] Initial thoughts on a "Plone for Nonprofits" bundle

George Lee georgeleejr at gmail.com
Mon Jan 8 05:25:13 UTC 2007


George Lee <georgeleejr at ...> writes:

> I haven't used CompositePack or ContentPanels yet, but this reminds me of a
> dilemma I continually face in programming -- the trade-off between:
> 
> * Strong security
> * Solid programming practices (filesystem based code, Zope3 views and adapters
> that allow for easier reuse and extensibility from a developers' standpoint)
> * Ability to customize through the web (TTW)


That last bullet point is really two, which also are in tension with each other:
 * Ability to customize through the web, through the ZMI
 * Ability to customize through the web, using regular Plone content and control
panels outside of the ZMI


The ZMI assumes a high level of security clearance and Zope knowledge from any
user who can access it, so it's safer to allow some crazy things there like
users modifying page templates, TALES, writing Python scripts, etc. -- things
that you can't trust a regular Plone user without access to the ZMI to do. But
this means it is hard for a regular Plone user to be able to customize things
very far.

It seems the best way to approach this is to designate some clear parameters for
how you want a regular Plone user to be able to customize things, and then take
the good chunk of effort to design the UI to let them to do that. A regular
Plone user will never get the full power of the ZMI, but you can pick and choose
portions of that power to expose. It just takes time to do this in a robust and
easy-to-use way.

Perhaps this is all very obvious since after all this is exactly what Plone
add-on products are supposed to do!

Peace,
George





More information about the NGO mailing list