[Zope-PTK] Re: PTK security

[Fabio Forno]

Shane Hathaway wrote:
> 
> What if the "set status" screen were to ask the user if he/she wants to
> make a copy of the document before setting it to the "pending" state?
>
It may be one of the options. IMHO the portal should be configurable in
order to able to keep a different public structure from the private one.
In this way columnists can contribute to different topics and their
documents can be driven to different portal areas accordingly to their
subjects. A good set of options, when changing the review_state could
be:
- chose whether to copy move or copy
- target folder(s)
- expiration date (may it be useful?)
 
> The reason I don't feel good about the multiple copy idea is because
> multiple disjoint copies can cause great confusion.  Users might edit
> the wrong copy, thinking that the changes are automatically published.
> Or an editor might make changes to the published version while the
> columnist makes a different set of changes.
> 

This may be a problem, but you can avoid it in two ways:
- forbidding any changes in the published copies; in this way there's
only one clear policy: personal folders are just draft containers and
everything is published it's always copied away.
- building an object which behaves like a symbolic link from the public
to the private area, so that everything published it's just linked and
all changes are authomatically visible; this solution looks more
elegant, but it suffers of the same problem of moving the object: it
cannot be edited when published withot makin temporary copies


ByE,
FF