[Zope-CMF] Re: [CMF-checkins] CVS: CMF/CMFCore - CatalogTool.py:1.30.4.7

Sidnei da Silva sidnei@x3ng.com
Fri, 25 Apr 2003 11:11:52 -0300


On Fri, Apr 25, 2003 at 09:33:38AM -0400, Shane Hathaway wrote:
| Chris Withers wrote:
| >Hi Sidnei,
| >
| >I'm probably missing something, but where are the tests to accompany 
| >these checkins?
| 
| Not only that, but I don't feel good about that change.  It mixes the 
| concept of "executable owner" and the "owner role".  The former 
| shouldn't really be called ownership.  At ZC we've been planning to 
| rename the concept.  It's more like a "code signature" or something.

Looks like I need to explain the motivation, and then we may agree on
a partial solution. Heres the issue:

1. The user creates an object
2. He has the 'Member' role
3. The initial workflow state changes the permission on the object so
only 'Owner' and 'Manager' roles can see the object.
4. The user that created the object *is* set as the owner
5. allowedRolesAndUsers gets the lists of roles that have the View
permission
6. Manager and Owner have the view permission
7. Then for each local role, if the role is on the set of roles that
have the view permission, add the user to result (note that the user
that created the object *is* owner, but doesnt have a local role of
Owner, so he doesnt get into this list)
8. The owner role is deleted from the result.

So, at this point allowedRolesAndUsers would contain ['Manager'], and
the user that created the object cant find it on a search.

What solution you propose? Using Creator() instead of getOwner()?
(Note that Creator() is currently returning the result of getOwner(),
which I pointed out months ago, but no one agreed on a solution for
that).

[]'s

-- 
Sidnei da Silva (dreamcatcher) <sidnei@x3ng.com.br>
X3ng Web Technology <http://www.x3ng.com.br>
GNU/Linux user 257852
Debian GNU/Linux 3.0 (Sid) 2.4.18 ppc

"Don't fear the pen. When in doubt, draw a pretty picture." 
   --Baker's Third Law of Design.