[Zope-CMF] Controlling Creation of Content, round 3 ;-)
Fri, 28 Feb 2003 09:52:48 +0000
Tres Seaver wrote:
> *Don't* try to use the TI to control visibility of the content objects;
> use the workflow states' security tabs for that (workflows already
> indirect through the portal_type, and they make enforceable assertions
> about the role-permission map on their instance).
Indeed. This cetainly wasn't the intention of my original coding as I explained
in reply to Florent's message. Sadly, it seems my initial coding had some
misguided side effects :-(
> I don't like the current use of the TI's "View" permisison to fake out
> filtering in folder_contents;
Just to re-iterate, that's an unintended side effect :-(
The intended effect was to filter out TI's from the folder_factories view...
> Nope, we should be controlling the visibility of instances via
> workflow; the folder_contents view should just omit any instances which
> the user wouldn't be allowed to view if they did traverse to them (which
> is what the "skip unauthorized" mechanism is for).
Yep, totally agree.
> "View" permission is "execute", not "read"; "Access contents
> information" is a better map for Unix' "read". Once you have actually
> gotten hold of an instance, you *must* be able to query its TI; trying
> to protect the TI instead of the instances is a recipe for hair loss.
Indeed. More unintended side effects. Man, that really was one 'quick fix' gone
>>Ok so I guess my position is now that an "Add instances" permission is
>>fine. Let's not reuse other permissions, it's not clean.
> I don't think there is any sensible use for the "View" permission *on
> the TI object itself*
> which means anything beyond the notional "Add
> instances" permission. I can live with "Add instances" if it aids
> understanding, but it grates.
I'm not sure what you're saying here...
Anyway, if I just restate the original problem, perhaps you can suggest some
Basically, we want to be able to control what types of content a user can
create. Now, the standard Zope idiom would be to map a permission to a role
somewhere to control this.
Where should that be done and what permission should be mapped?