[Zope-CMF] Controlling Creation of Content, round 3 ;-)

Chris Withers chrisw@nipltd.com
Fri, 28 Feb 2003 09:52:48 +0000

Tres Seaver wrote:
> *Don't* try to use the TI to control visibility of the content objects; 
> use the workflow states' security tabs for that (workflows already
> indirect through the portal_type, and they make enforceable assertions
> about the role-permission map on their instance).

Indeed. This cetainly wasn't the intention of my original coding as I explained 
in reply to Florent's message. Sadly, it seems my initial coding had some 
misguided side effects :-(

> I don't like the current use of the TI's "View" permisison to fake out
> filtering in folder_contents;

Just to re-iterate, that's an unintended side effect :-(
The intended effect was to filter out TI's from the folder_factories view...

> Nope, we should be controlling the visibility of instances via
> workflow;  the folder_contents view should just omit any instances which
> the user wouldn't be allowed to view if they did traverse to them (which
> is what the "skip unauthorized" mechanism is for).

Yep, totally agree.

> "View" permission is "execute", not "read";  "Access contents
> information" is a better map for Unix' "read".  Once you have actually
> gotten hold of an instance, you *must* be able to query its TI;  trying
> to protect the TI instead of the instances is a recipe for hair loss.

Indeed. More unintended side effects. Man, that really was one 'quick fix' gone 

>>Ok so I guess my position is now that an "Add instances" permission is
>>fine. Let's not reuse other permissions, it's not clean.
> I don't think there is any sensible use for the "View" permission *on
> the TI object itself* 


> which means anything beyond the notional "Add
> instances" permission.  I can live with "Add instances" if it aids
> understanding, but it grates.

I'm not sure what you're saying here...

Anyway, if I just restate the original problem, perhaps you can suggest some 
possible solutions?

Basically, we want to be able to control what types of content a user can 
create. Now, the standard Zope idiom would be to map a permission to a role 
somewhere to control this.

Where should that be done and what permission should be mapped?