[Zope-CMF] Worklists and local roles again

Dieter Maurer dieter@handshake.de
Fri, 25 Jul 2003 02:09:03 +0200 

Rainer Thaden wrote at 2003-7-24 14:45 +0200:
 > i looked for some postings on worklists and local roles but didn't
 > fine one that solves my problem. 
 > 
 > Let's say we have content organised in different folders, we have a
 > user with a manager role and one with a reviewer role defined in the
 > site root and a private-pending-published workflow.
 > 
 > For this case everything works fine. We just define a worklist for
 > pending items and set 'Review portal content' as necessary permission
 > in the guard. The permission is checked against the portal root as i
 > understand it, so the users with the role 'Reviewer' and 'Manager'
 > defined in the CMF site root will see the worklist.
 > 
 > But if i want to give a certain user a 'Manager' local role for one
 > folder so that he is able to publish and delete items in that folder
 > he does not see the pending items worklist, because he is a 'Member'
 > in the context of the portal root and does not have the 'Review portal
 > content' permission.
 > 
 > One easy solution would be to delete the 'Review portal content'
 > permission in the guard of the worklist so that the visibility of the
 > worklist is determined by the access rights of the user but then every
 > member would see the worklist because the pending items are visible to
 > all members and i don't want to change that.
 > 
 > If i want to define a special worklist for this case what do i need to
 > put in the guard permissions or roles?
 > Is it possible to check the permission against the folder or object?
 > The 'category' in the worklist determines only the location of the
 > worklist link in the actions box, right?

Almost.

There is a kludge that determines the reference object
with respect to which object permissions are checked:

  When the category starts with "object" or "workflow",
  the current object is the reference object; otherwise,
  it is the portal object.

You may use this to solve your problem (partially).
Use "object_global" (or something else starting with "object")
as category for your worklist. Then your reviewer should
see the worklist once he entered the respective folder.

Of course, you need to extend the UI, too, such that it
handles the new category.


Dieter