[Zope3-dev] Permissions and workflow

[Florent Guillaume]

Lennart Regebro <lennart@regebro.nu> wrote:
> Now, how can this check be done easily without the object in itself having
> knowledge about the workflow configuration? It seems to me that the only
> alternative is that the workflow service has a security check of it's own,
> so that you can set up a role to permissions mapping there that is sensitive
> to the workflow state.

Are you familiar with DCWorkflow ? That is basically what it does. For
each state of the workflow, you have an additional permission/role
mapping that is applied to the object when it enters that state.

> This also means that only methods that are set to Public and are programmed
> to do this dynamic security check will be able to have different rights for
> different workflow states. I don't see that as a problem, what about you
> others?

Public/non-public is too restrictive. The basic CMF workflow has states
for private, visible, pending and public, with different permission/role
mappings for each state.

> I guess also you will need to register permissions with the workflow
> just as you register it with the standard security system.
> Hmm, or maybe there will be a second type of permission registration in the
> configuration file that sais that this permission is workflow dependant?

The workflow service would use the standard security service, so I'm not
sure why an additional registration would be needed.


Florent


-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 10  http://nuxeo.com  mailto:fg@nuxeo.com