[Zope3-dev] workflow states and permissions
Shane Hathaway
shane@zope.com
Mon, 14 Jul 2003 09:49:35 -0400
Tres Seaver wrote:
>>On Sunday 13 July 2003 18:18, Marcus J. Ertl wrote:
>>
>>>Is there a way to bind permissions to states?
>
> The intended way to achieve that meme was via event listeners, perhaps
> managed by the same "content workflow" component that associates given
> process definitions with content based on their "content type"
> interfaces.
I agree. In fact, this fixes a security problem in DCWorkflow.
DCWorkflow gives a workflow author the power to indirectly alter who has
permissions, so only highly trusted system administrators should ever be
allowed to create or modify a DCWorkflow. I hope in the future we can
delegate the creation of workflows, while maintaining permission/role
maps separately. The event mechanism is a start in that direction.
Shane