The internals of Plone’s user & groups system got massively upgraded in Plone 2.5 with the inclusion of PAS (Plugabble Auth System). Behind the scenes, we now have an impressively powerful, extremely flexible system for managing the entire authentication system. It’s a great foundation. But while the foundation is sound, the more external-facing parts of the system could use some freshening up.
Here are what I see as the main problems facing site administrators and integrators:
- Poor usability of user/group administration screens for site managers. Think of how much we streamlined the “Sharing” tab from Plone 2.5 to Plone 3. We need a similar effort here
- It’s too hard to customize member profiles — it requires changing lots of scattered forms & scripts. Membrane and Remember offer a path to using Archtypes objects as member/group sources, which is a good idea. But we can (I think) do even better soon.
- User registration and user administration both use the same join_form. That is somewhat inflexible.
- Password confirmation/reminder messages have some rough usability edges.
- Deleting users can orphan content they’ve created without an owner — need a way to reassign a user’s content objects when deleting the user.
Users & Groups in Plone 4: My vision
I think the key elements of Plone 4’s users & groups story could be:
- Dexterity-powered membership objects (“Membrane NG” if you will) and reimplemented user management UI so it is powered by these Dexterity objects (“Remember NG”) This should be Plone’s OOTB story. This will give us easy user/group profile configurability. Users are just content objects.
- Big usability cleanup to user management UI.
- Use PFG (or its Plone 4 successor) to create public user registration/profile forms
- Include LDAP support out of the box (included but disabled) — review its usability so it is as easy as possible to configure.
- We probably need a better story for attachig to a SQL source for user/group data. (Problem with SqlPASPlugin is that it stores all newly created users in SQL, there’s no choice to store some users locally.) Such a system probably needs to be made to use SQLAlchemy at its heart.
- Password strength requirements w/ interactive feedback.
- Through-the-web customization of registration confirmation and password reminder emails.
- We need a really good tool for importing memberlists via CSV
Ok, that’s my first brain dump. What’s on your mind? How should Plone’s users & groups system be improved? And more importantly, who can step forward as a champion for this important but often-neglected component? This is a big opportunity to take ownership of a critical piece of Plone’s future.