Custom Workflow development

Hi members,

We are trying to develop a web interface in Plone to manage a corporate identity management solution by interfacing OpenIDM with Plone. Please refer to the block diagram for the entire setup attached here. (Here the plone-interface.mydomain.in is a user interface for calling the REST APIs of OpenIDM to manage the roles in OpenIDM.)

There are around 4000 user LDAP directory services with different Organisational Units (OUs). The roles are created and assigned by OpenIDM.

We are developing a Plone web interface for all the users to log in and manage their roles, such as delegation of their roles to peers when they are going on leave/vacation. So we are planning to implement a customized workflow in this Plone application so that a Team Member (TM), as in the diagram, can initiate the role change request to his Team Lead (TL) for review and forwarding to his Project Manager (PM) to approve or reject, or forward to the Delivery Manager (DM) for further forwarding to other project groups, if the particular member belongs to multiple project groups, for further approvals from horizontal project heads/authority.

We are developing a module in Plone for users to apply for leave and request/delegate their role change to another user through a workflow-based approval process.

Query:
1) How can we implement a workflow such that, if a user (e.g. Role --> Team Member) submits a leave application requesting a role change, it should go only to the immediate hierarchy (e.g. Team Lead) within the same group, so that no user with a role "Team Lead/Project Manager/Delivery Manager" in other groups will be able to view the request of a Team Member in another group?

Note: The workflow in general is going to have four roles overall (Team Member, Team Lead, Project Manager, Delivery Manager) only in each group.

Please shed some light and your valuable suggestions to achieve such a custom workflow as described in Query 1.
Thank You

We would implement something like this using Plomino rather than a content
type and DCWorkflow. It provides a lot more flexibility with business logic
like this.

Look up local roles... you can set local roles on a specific item, the way the Sharing tab does it. You'd have to store somewhere who the team lead is for each person, and when the person makes the request you'd give the person's team leader the local role for "review request".
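
The local-role approach from the last reply, as an added plain-Python model of the access rule (not code from the thread and not Plone code): visibility comes only from roles granted on the individual request, never from a user's global title. The user names, the `MANAGER_OF` table and the `LeaveRequest` class are hypothetical, constructed for illustration.

```python
# Constructed reporting lines (hypothetical users): group A and group B.
MANAGER_OF = {"alice": "bob", "bob": "carol", "carol": "dave",  # TM -> TL -> PM -> DM
              "erin": "frank"}                                  # group B: TM -> TL
# Global titles say what a user is, not which requests they may open.
GLOBAL_ROLES = {"bob": "Team Lead", "frank": "Team Lead",
                "carol": "Project Manager", "dave": "Delivery Manager"}


class LeaveRequest:
    """One request item carrying its own local roles, like a Sharing-tab grant."""

    def __init__(self, owner):
        if owner not in MANAGER_OF:
            raise ValueError(f"no reviewer recorded for {owner}")
        self.state = "submitted"
        self.local_roles = {owner: {"Owner"}}
        self._assign(MANAGER_OF[owner])

    def _assign(self, userid):
        # Grant the review role on this item only, to one named person.
        self.local_roles.setdefault(userid, set()).add("Reviewer")
        self.current_reviewer = userid

    def can_view(self, userid):
        # GLOBAL_ROLES is deliberately not consulted: a Team Lead of another
        # group holds no local role here and therefore sees nothing.
        return bool(self.local_roles.get(userid))

    def _require_reviewer(self, actor):
        if actor != self.current_reviewer:
            raise PermissionError(f"{actor} is not the current reviewer")

    def forward(self, actor):
        """Current reviewer passes the request one level up their own chain."""
        self._require_reviewer(actor)
        if actor not in MANAGER_OF:
            raise ValueError(f"{actor} has nobody to forward to")
        # The previous reviewer keeps read access but can no longer act.
        self.local_roles[actor] = {"Reader"}
        self._assign(MANAGER_OF[actor])
        self.state = "forwarded"

    def decide(self, actor, approve):
        self._require_reviewer(actor)
        self.state = "approved" if approve else "rejected"
```

In Plone the grant in `_assign` would be a local role set on the request object, and the workflow's permission map would give view access only to those local roles.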