[Zope-CMF] DCWorkflow bug? - Updating security settings affects also normal images, not just portal images

Florent Guillaume fg@nuxeo.com
Sat, 3 Aug 2002 04:25:40 +0000 (UTC)


Heimo Laukkanen  <huima@fountainpark.org> wrote:
> Hi all,
> 
> I am using CMF 1.3b2, not latest version from CVS.
> 
> I sis some settings in workflow and noticed that after I updated the 
> permission settings, all the images of my site (normal Image-objects) 
> required users to authenticate. While cheking the problem I noticed 
> that all the security setting were changed to match those in DC 
> Workflow for Portal Image.
> 
> I created a new workflow called published, where there is only one 
> state called published and correct security setting and gave that 
> workflow to Image. After updating security settings all images now had 
> the settings managed in workflow.
> 
> Can anyone else confirm this too? I couldn't connect to collector 
> since there seems to be some major problems at this moment on 
> cmf.zope.org and on collector.

I can confirm, reading the code, that it's what happens.

The problem is that in WorkflowTool, _recursiveUpdateRoleMappings calls
getChainFor for *all* subobjects, and that getChainFor may return a
chain for objects that have nothing to do with the workflow:

getChainFor either returns the (Default) workflow for the objects that
don't have a portal_type but only a meta_type, or, in the case of
meta_type=Image, which matches an existing portal_type, it returns the
chain for that portal_type.

I propose that in getChainFor we replace:
        else:
            pt = getattr( ob, 'meta_type', None )  # Use a common Zope idiom.
            if pt is None:
                return ()
by:
        else:
            return ()


Opinions?


Florent
-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@nuxeo.com