[Zope-CMF] Proposed default workflow policy change

marc lindahl marc@bowery.com
Tue, 01 May 2001 14:52:51 -0400 

Following the lines of what seb is saying, wouldn't you want to make
membership part of the workflow?  For a 'tight-knit' community, you might
want to have human review of membership applications (then once approved can
freely submit content).... is this possible within the workflow tool
structure?

I guess you could do that by letting members 'apply', with a special
application document, which would then be reviewed...

> From: seb bacon <seb@jamkit.com>
> Date: Tue, 1 May 2001 20:16:21 +0100
> To: Shane Hathaway <shane@digicool.com>
> Cc: zope-cmf@zope.org
> Subject: Re: [Zope-CMF] Proposed default workflow policy change
> 
> * Shane Hathaway <shane@digicool.com> [010501 20:08]:
>> I think the default workflow policy has generated a fair amount of
>> confusion among CMF users.  Part of the policy is that new objects are
>> not accessible by anyone but the creator and reviewers.  Items have to
>> be published before they are accessible in any way.
>> 
>> I would like to propose we change this policy slightly.  One goal was to
>> prevent random users from uploading random content that is immediately
>> visible, which can be a security hazard. But this goal may be misguided
>> because we're not talking about random users.  Presumably anyone who is
>> a member has some degree of trust.  Sites where anyone can create a free
>> acount usually verify the user's email address in some way, thus
>> establishing minimal trust. There are other measures that can be taken
>> to establish trust.
> 
> I'm not entirely clear what the hypothetical situation which the
> CMFDefault addresses is.  I presume it's grown out of the zope.org
> workflow, but I have to say, I find that pretty unintuitive, too.
> 
> If we assume a member has a degree of trust, might it not make just as
> much sense for all 'private' documents to be viewable by all other
> members?  The scenario which it addresses, which may be more instantly
> recognisable by CMF developers, would be one where members have
> collective responsibility for the content on a website, but
> administrators have the final say over what goes 'live'.  Therefore
> the whole publishing thing is geared around making content available
> to anonymous users, and the only security constraint for members is
> that only owners can edit content.
> 
> Just another idea, really.  But I think whatever is decided, the use
> case scenario which the CMF is addressing should be made pretty clear
> somewhere - that would help clear up confusion much more than trying
> to second guess what users are expecting.
> 
> cheers,
> 
> seb
> 
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
> 
> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature
> requests