[Zope-CMF] DCWorkflow: Worklist visible to a special member

John Morton jwm@plain.co.nz
Thu, 13 Feb 2003 22:13:58 +1300

On Thu, 13 Feb 2003 21:34, Raphael Ritz wrote:
> Rainer Thaden wrote:
> >What do i have to enter in the 'Guard' property in the worklist to
> >make the worklist visible to only the one who submitted the content?
> Isn't it sufficient to specify 'Role(s)' as 'Owner' under the 'Gards'?

You don't want to do this. Worklists effectively get a double wammy of access 
control evaualtion - once, in the context of the site root[1], to see if the 
user can execute that particular worklist, and again when it runs the catalog 
query that finds out how many objects of a given 
'state_variable=target_state' exist in the site, as those objects only show 
up in the query if you can view them.

So what you want to do is ignore the tantalizing, candy-like Guard fields in  
the worklist configuration, and, instead, set the permissons matrix for 
content in the rejected state (or whatever) to insure that only the owner of 
that content can see it (and whatever reviewer roles, as well). 

I'm pretty sure all of this is explained in the online help section for 
DCWorkflows, but it's possible folks just haven't thought to look there. 
Maybe it's time the ZMI for DCworkflows was tweaked.

[1] There is a reason why it's evaluated at the siteroot, but I've forgotten 
what it is.