[Zope-PTK] Re: PTK security

Paul Everitt Paul@digicool.com
Sat, 26 Aug 2000 06:43:47 -0400


Perhaps I'm coming in a bit too late on this conversation, but I don't
see why any of this is needed.

If the content really wants to live outside the Member's area, just let
them go to the right place and put it there.  (Note that, contrary to
popular opinion, the PTK doesn't require content to live in the Member
area.  The next version of the PTK will put the overlooked hyperlinks in
the interface to let someone work in any folder they have permission to
work in.)

I think the idea of magically transporting an object from one ID (URL)
to another is bad in quite a number of ways.

--Paul

> -----Original Message-----
> From: Fabio Forno [mailto:sciasbat@inorbit.com]
> Sent: Monday, August 21, 2000 12:20 PM
> To: Shane Hathaway; zope-ptk@zope.org
> Subject: Re: [Zope-PTK] Re: PTK security
>
> Shane Hathaway wrote:
> > 
> > What if the "set status" screen were to ask the user if he/she wants to
> > make a copy of the document before setting it to the "pending" state?
> >
> It may be one of the options. IMHO the portal should be configurable in
> order to be able to keep a different public structure from the private one.
> In this way columnists can contribute to different topics and their
> documents can be driven to different portal areas according to their
> subjects. A good set of options, when changing the review_state could
> be:
> - choose whether to move or copy
> - target folder(s)
> - expiration date (may it be useful?)
>  
> > The reason I don't feel good about the multiple copy idea is because
> > multiple disjoint copies can cause great confusion.  Users might edit
> > the wrong copy, thinking that the changes are automatically published.
> > Or an editor might make changes to the published version while the
> > columnist makes a different set of changes.
> > 
> 
> This may be a problem, but you can avoid it in two ways:
> - forbidding any changes in the published copies; in this way there's
> only one clear policy: personal folders are just draft containers and
> everything that is published is always copied away.
> - building an object which behaves like a symbolic link from the public
> to the private area, so that everything published is just linked and
> all changes are automatically visible; this solution looks more
> elegant, but it suffers from the same problem as moving the object: it
> cannot be edited when published without making temporary copies
> 
> 
> ByE,
> FF