[Zope-CMF] private docs shown to other members, pending shown

[Kari-Hans Kommonen]

I studied a bit more and realized what seems to be happening in our case:

We had tweaked the permissions and roles, because we want to keep the 
site open to members only. So we  removed View from Anonymous, and 
granted View to Members.

This is not compatible with the DCWorkFlow, because it assumes that 
the difference between private and public is whether the object is 
visible for Anonymous users. Therefore, when it makes an object 
private, DCWorkFlow simply denies the permission of the Anonymous to 
View it, and when it makes it public, it grants that permission again.

For us, this is bad, because we have granted View to Members, and 
private status does not take this permission away. Published status 
is even worse, because the things we'd like the Members only see, 
become available to anyone.

So I guess we need to write our own workflow which has a two level 
publishing strategy: publish 1) for members and 2) for anyone.

Now the next step is to look for info about a way to create and 
install our own workflow...

kari-hans
...

At 12:08 -0600 28.12.2001, Lynn Walton wrote:
>  > From: Kari-Hans Kommonen <khk@uiah.fi>
>>
>>  I tried to describe the same situation previously, but I thought that
>>  there must be something wrong with our setup, so I did not explain it
>>  this way or call it a bug... in all our CMF sites, "private"
>>  documents seem to be available to all members if they discover the
>>  URL.
>
>khk,
>Well, it seems like a bug to me.  Although you can confirm private 
>things being seen by
>Members, can you also confirm whether pending things can be seen by all?