[Zope-CMF] CMF 1.2: 'private' objects visible to 'Member' users
Tres Seaver
tseaver@zope.com
Fri, 15 Mar 2002 07:03:24 -0500
Ernie wrote:
> Hi Tres,
>
> Indeed, I am using the default_workflow that comes with CMF 1.2 which I do not
> believe is labelled DCWorkflow as reported in "portal_workflow --> contents"
> (are they the same?). My problem is in fact less severe but more insidious: an
> authenticated user (role: member) can actually view other members' private
> objects (those newly created but not submitted for review); anonymous users
> cannot view such objects.
>
> I believe this has something to do with some permission setting issue at the
> point of CMF object creation but upon checking the source for CMF 1.2 briefly, I
> think this may have been fixed. Many of the discussions centred on this arose
> during Dec 2001 before CMF 1.2 final release.
>
> Is there a fix/patch I can apply?
>
> Many thanks again -- cheers,ernie.
The bug you are reporting may be "homepage doesnt participate in
workflow",
http://www.zope.org/Products/PTK/Tracker/467
Is it only the 'index_html' in the member folder which has this
problem, and not other "private" content which members create?
I can reproduce that behavior against a Zope running against CMF
1.2.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com