[Zope3-dev] workflow states and permissions

[Shane Hathaway]

Tres Seaver wrote:
>>On Sunday 13 July 2003 18:18, Marcus J. Ertl wrote:
>>
>>>Is there a way to bind permissions to states?
> 
> The intended way to achieve that meme was via event listeners, perhaps
> managed by the same "content workflow" component that associates given
> process definitions with content based on their "content type"
> interfaces.

I agree.  In fact, this fixes a security problem in DCWorkflow. 
DCWorkflow gives a workflow author the power to indirectly alter who has 
permissions, so only highly trusted system administrators should ever be 
allowed to create or modify a DCWorkflow.  I hope in the future we can 
delegate the creation of workflows, while maintaining permission/role 
maps separately.  The event mechanism is a start in that direction.

Shane