[Zope-CMF] trivial new portal folder type gives weird workflow/security behavior?
Carl Rendell
cer@sol43.com
Wed, 2 Oct 2002 13:12:52 -0700
On Wednesday, October 2, 2002, at 08:09 AM, Florent Guillaume wrote:
> The only thing I can add is that, as Evan mentionned recently, that's
> how the Zope security model works: if an object allows Anonymous View
> access (for instance), it doesn't matter what permissions are set
> in the
> parent, the Publisher will still allow View access to Anonymous to that
> object. Even though unrestrictedTraverse may not allow access.
>
I understand this part. What i'm not understanding right now is why
unpublished items within a published folder are being selected by
portal_catalog.searchResults() ?
As you said. I'm expecting that each of the objects is treated
individually in the context of using a search of straight view, but
the behavior I'm experiencing is seems more like aquisition at
work. I've tested this by moving the item out of the workflow
controled folder, and the behavior is 'normal'.
In short, it makes sense for all published items to be visible.
Should not all un-published items be protected regardless of the
state of a container?
~C
Carl E. Rendell
Solution43
Information Distribution Consulting | "Ahhhh the power of
cer@sol43.com | acquisition" - Chef Z