[Zope-CMF] Re: [CMF-checkins] CVS: CMF/CMFCore - CatalogTool.py:1.30.4.7
Sidnei da Silva
sidnei@x3ng.com
Sun, 27 Apr 2003 17:26:38 -0300
Yuppie wrote:
> Hi!
>
>
> Sidnei da Silva wrote:
>
>> Yuppie wrote:
>
> [...]
>
>>> If I understand your checkin correctly, allowedRolesAndUsers now
>>> returns users that don't have the local role 'Owner' and might not
>>> have a 'View' permission.
>>
>>
>>
>> No. With my change the user that created the object (and is the
>> object Owner) is included on allowedRolesAndUsers if the Owner role
>> has the View permission on the object. As Shane pointed out, the best
>> solution would be giving the local role of Owner to the user that
>> created the object instead.
>
>
> 1.) I can't reproduce the problem you resolved. AFAICT users creating
> objects *are* given the local role of Owner.
>
> 2.) If the 'View' permission depends on the role 'Owner', owners
> without the role 'Owner' can't view the object.
>
> Or am I missing something?
Hummm... No. I think that Im missing something. I just confirmed that
youre right, and the user seems to have the local role of owner when
creating objects on his home folder. I cant test the setup I was working
with right now though, which was quite different, and maybe im looking
at the wrong place.
I was using CMFCommerce. As a normal 'Member', I buy something. When I
checkout, my Order is created and placed on portal_commerce/orders. The
initial workflow state sets the View permission on the order only to
Manager and Owner. Now, for some reason the user didnt make it to
allowedRolesAndUsers, and as the Owner role is removed from the list,
the user couldnt find his Order by searching. I looked in portal_catalog
and only 'Manager' was on allowedRolesAndUsers. Ill recheck this
tomorrow when I get to the office.
~dc