[Zope-CMF] Re: [CMF-checkins] CVS: CMF/CMFCore - CatalogTool.py:1.30.4.7

Tres Seaver tseaver@zope.com
28 Apr 2003 15:23:55 -0400


On Mon, 2003-04-28 at 14:18, Sidnei da Silva wrote: 
> 
> On segunda-feira, abr 28, 2003, at 12:00 America/Sao_Paulo, Florent 
> Guillaume wrote:
> > I agree with Shane. The executable owner has nothing to do with what's
> > going on here. A local role of Owner is set by Zope when someone 
> > creates
> > an object, and the allowedRolesAndUsers code deals with it correctly
> > (through the rolesForPermissionOn call).
> >
> > BTW, the removal of 'Owner' at the end is there because 'Owner' is
> > designed to be a local role only and it's been felt (by Tres I guess)
> > that it's better to not provide an opportunity for users having a 
> > global
> > role Owner for whatever reason to see content they don't really own.
> >
> > So Sidnei, please revert.
> 
> I see that Tres already reverted the change.

I was packaging the 1.4 beta, and didn't want to wait.  It was no real
trouble. 

> I just checked the 
> behavior on my app and I found out that two things were happening:
> 
> 1. I was calling reindexObject too early, before the security settings 
> were applied by the workflow. At this point, the Owner role didnt had 
> the view permission yet
> 
> 2. A few lines later it was calling notifyWorkflowCreated, and then 
> setting the View permission to the owner role, which indeed does the 
> right thing.

Cool! 

> Sorry for the inconvenience.

No problem! 

Tres. 
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com