[Zope-CMF] trivial new portal folder type gives weird workflow/security behavior?

Carl Rendell cer@sol43.com
Wed, 2 Oct 2002 13:12:52 -0700


On Wednesday, October 2, 2002, at 08:09  AM, Florent Guillaume wrote:

> The only thing I can add is that, as Evan mentioned recently, that's
> how the Zope security model works: if an object allows Anonymous View
> access (for instance), it doesn't matter what permissions are set in the
> parent, the Publisher will still allow View access to Anonymous to that
> object. Even though unrestrictedTraverse may not allow access.
>

I understand this part. What I'm not understanding right now is why
unpublished items within a published folder are being selected by
portal_catalog.searchResults()?

As you said, I'm expecting that each of the objects is treated
individually in the context of using a search of straight view, but
the behavior I'm experiencing seems more like acquisition at
work. I've tested this by moving the item out of the workflow
controlled folder, and the behavior is 'normal'.

In short, it makes sense for all published items to be visible. 
Should not all un-published items be protected regardless of the 
state of a container?

~C

Carl E. Rendell
Solution43
Information Distribution Consulting        |   "Ahhhh the power of
cer@sol43.com                              |    acquisition"  - Chef Z