[Zope-CMF] preventing deletion of published objects

Tres Seaver tseaver@zope.com
14 Apr 2003 07:47:41 -0400


On Sun, 2003-04-13 at 21:50, Colin Leath wrote:
> I perform certain actions in my workflow that get skipped if an author
> deletes an object before retracting it. (one of the actions I perform is
> a logging of all retractions)
> 
> It seems there is no permission that could be turned off that would
> prevent the author from deleting published content. (such permissions only
> exist at the folder level, and apply uniformly to all objects in the
> folder. That seems strange. Am I missing something? )
>
> The approach I am about to try consists of:
> (1) disabling access to management screens
> (2) replacing the delete function called by the delete button in the
> cmfdefault skin with my own delete function.
> 
> Is there  a better, more secure way?

You could extend the 'manage_beforeDelete' method of your object, and
cause it to raise the special BeforeDeleteException exception type::

    def manage_beforeDelete( self, item, container ):
        # Check workflow first
        wftool = getToolByName( self, 'portal_workflows' )
        state = wftool.getInfoFor( self, 'review_status' )
        if state == 'published':
            raise BeforeDeleteException, 'Published item'
        PortalContent.manage_beforeDelete( self, item, container )

This would prevent deletion in either the ZMI or the 'folder_contents'
view.  You would likely want to customize the 'folder_delete' skin
method as well, to catch this exception and report it sensibly to the
user.

> This seems like it would be a fairly common problem-
> 
> and that many developers would prefer to either restrict the transition
> from published -> deleted, or handle it in their workflow.
> 
> here are some links to related mailing list postings:
> http://mail.zope.org/pipermail/zope-cmf/2001-December/010882.html
> http://aspn.activestate.com/ASPN/Mail/Message/Zope-CMF/1468390
> 
> thanks for any suggestions!


Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com