How to set up Plone intranet/extranet workflow
What people want from Intranet in the first place? Intranet aims at making sharing of content/files/documents simpler and web-based. Such system must be secure, easy-to-use and with strongly separated rights for large numbers of users (those who can view, add, edit, publish and share content in different areas).
Plone offers simple Intranet/Extranet workflow that supports such features. It is fairly easy to transform your Plone website into intranet. In this case all content managed in Plone will be visible only to members of your organisation. Moreover, Plone offers opportunity to make some of the content publicly accessible, if there is such necessity. Even if you already have loads of material on your Plone website, everything would be neatly transferred into new workflow.
In this tutorial all main features of Plone intranet will be explained so you would be able to configure new workflow. By default PLone is functioning using Simple Publication Workflow. You can get acquainted with default workflow in Plone and content management roles and permissions in our tutorials.
To change the workflow parameters please go to Site Setup -> Types. After selecting Intranet/Extranet Workflow from the New workflow drop down menu you would be able to see some general information.
Previously there were only three possible states of the content:
Private - can only be viewed and edited by the author;
Pending review - content was submitted for publication/review;
Published - visible to all visitors of the website.
The first two states don’t change for the intranet, though Published state no longer exists. Instead Plone offers the following options:
Internal draft - visible to all intranet users, but can be edited only by the author;
Internally published - published and visible to intranet users, author cannot edit, but can retract;
Externally visible - visible to people outside the intranet, author cannot edit, but can retract.
If you had content previously to the transition to the intranet workflow, Plone offers to select equivalents to the content state at the moment. You can change desired state for any of the default states.
Roles indicate set of content management rights allowed for users of the Intranet. In the table below you can see the roles and actions they are permitted to do with the content.
|view private content||+||+||-||+||-||+||+|
|view submitted for
|view Internal Draft /
|edit your own content||+||-||-||-||-||+||+|
|edit other users content||-||+||-||-|| + (only
your own content
other users content
|retrack your own content||+||-||-||-||-||+||+|
|send back other users content||-||-||-||-||+||+||+|
|access to ZMI||-||-||-||-||-||-||+|
To configure user roles go to Site Setup -> Users and Groups -> Users tab. Depending on the number of users, diversity of their roles, categories and topicality of content, you can:
- change user roles,
- create user groups (Groups tab),
- add users with certain rights for specific content (Sharing tab),
- add opportunity for all logged-in users to have their own content folders (Site Setup -> Security -> Enable User Folders).
The whole workflow process by default looks in the following way:
Let’s take a page content type as an example. In the private state page can be manipulated only by the author and members who have been given access to edit, review or view the specific content. Either author, privileged users, editor, site administrator or manager can choose option to show the page internally to all the intranet members. After this page can be either submitted for review/publication or published.
Contributor (author) can still retract the page from the Internal Draft or Pending review state. Reviewer, site administrator or manager can send the page back from the Pending review or Internally/Externally published state if, for some reasons, the page is considered not ready or no longer relevant.
Furthermore, thanks to Plone now there is no need to employ two separate systems for externally and internally maintained content. Plone intranet has two publishing options and reviewers, site managers and administrators can choose whether content would be accessible only for internal users or it can be viewed and shared publicly by outsiders.
In the latter case it is important to know that content can be published externally only after it had been published internally or if it is Pending review. Hierarchy is also very important. Even if content page is in Externally visible state, but is situated in Internally published folder, it will not be accessible for anonymous users.
If you want to dedicate a part of Plone for sharing environment, you can add folders for specific users/groups of users. For example, we create group of users called members1 and add users you would like to have access to a certain folder:
- Go to Site Setup -> Users and Groups -> Groups tab.
- Add group and search for users you would add there.
- Create new folder. Let’s name it shared folder.
- Click on Sharing tab.
- Put the name of the appropriate group in the search field and add permissions by ticking the boxes in the table.
- Untick the Inherit permissions from higher levels box if your folder is placed in another folder with specified permissions and you do not want them to overlap.
Now each user from the members1 group can view, add, edit, and publish any kind of content inside the shared folder. For instance, if it is intranet for university, you can create user group for the faculty/students/staff of these departments, then you can create folder for each department and add permissions to add/edit content for appropriate group.
There is also option to open folder for all Logged-in users. In this case folder will be accessible and editable by all intranet users without the need of assigning specific role.
Since Plone is an open source CMS, people are free to add features that solve specific tasks. ploneintranet.workspace is one of such solutions for intranet systems. This Plone product provides a Workspace container that can be used as a project space, team space or community space. It was built on the basis of Dexterity Container to which collective.workspace behavior was applied. Advanced and intuitive user interface gives opportunities to easily manage security/sharing settings.
Personas are similar to Roles in Plone workflow and are divided into:
- Site Admin: manages users and permissions on the Plone site.
- Workspace Admin: manages users and the Workspace.
- Participant: a site user with local permissions in the Workspace.
- Guest: a site user who is not a Participant in the Workspace.
Ploneintranet.workspace offers the following Workspace states:
- Secret - cannot be viewed or accessed by Guests. Only Participants and users with higher permissions can view and access a Secret Workspace.
- Private - can be viewed, but not be accessed by Guests. Participants and users with higher permissions can view and access a Private Workspace.
- Open - can be viewed, but not responded by Guests. Participants can not only access the Workspace but also interact with it's content.
The most important feature of this package is Joining. Joining settings indicate on the way users are added to the Workspaces on different levels and can be configured as following:
- Admin-managed (only Workspace Admins can change user role).
- Team-managed (existing Participants can change assign a user role of Participant).
- Self-managed (any user can self-join the Workspace and become a Participant).
Ploneintranet.workspace allows to modify different policies and permissions depending on the aim of newly created intranet. Security and interactivity can be combined in different proportions to create perfect working and sharing environment.
Plone gives wide possibilities for customization of the workflow processes. New roles, content types, integration with third-party software, wiki, multilingual capabilities, etc. Almost everything is possible with Plone. What is the most important is to define what features are essential to your intranet.