[Zope-CMF] Local roles, workgroups and workflow

robert rottermann robert@redcor.ch
Mon, 3 Feb 2003 06:12:05 +0100 

This is a multi-part message in MIME format.

------=_NextPart_000_0021_01C2CB4B.2CB880B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

when you change the state of an object it gets assigned a set of access =
permissions as defined for that state (look under workflows->(name of =
your workflow)->states->permissions)
When you publish an object (and did not change the default workflow) it =
gets the permission View set for role Anonymous. Therefore anybody can =
see it.
So you have to change the workflows pubished state permission mapping so =
that not the role Anonymous but the role Student has view permission.

Robert
  ----- Original Message -----=20
  From: Anton Hughes=20
  To: zope-cmf@zope.org=20
  Sent: Monday, February 03, 2003 6:13 AM
  Subject: [Zope-CMF] Local roles, workgroups and workflow


  Hi all,
  =20
  I've set up a portal in which I'm using local roles to restrict access =
to particular folders. Only people with the role 'Student' assigned to =
them can View, etc the contents of these folders. However, when I =
publish a news item in one of these folders, it shows up in the news box =
on the front page and anyone can read it.=20
  =20
  I've tried turning on and off permissions, in line with the info on =
cmf.zope.org's FAQ section on workgroups, but to no avail. Should I be =
customising the catalog query for the news box, changing the workflow or =
am I still not setting the permissions correctly?
  =20
  Thanks,
  =20
  Anton Hughes
  =20
  Data Administrator
  Childhood Determinants of Adult Health Project
  Menzies Centre for Population Health Research
  Private Bag 23, Hobart Tasmania 7001
  =20
  Email: anton.hughes@utas.edu.au
  Web:  http://www.menzies.utas.edu.au/cohort/CDAH.htm
  Phone: +61 (0) 3 6226 7761
  =20
  =
=3D+=3D+=3D+=3D=3D=3D+++=3D=3D=3D=3D=3D+++++=3D=3D=3D=3D=3D=3D=3D=3D=3D++=
+++++++
  Windows NT crashed.
  I am the Blue Screen of Death.
  No one hears your screams.


------=_NextPart_000_0021_01C2CB4B.2CB880B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>when you change the state of an object =
it gets=20
assigned a set of access permissions as defined for that state (look =
under=20
workflows-&gt;(name of your =
workflow)-&gt;states-&gt;permissions)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>When you publish an object (and did not =
change the=20
default workflow) it gets the permission View set for role Anonymous. =
Therefore=20
anybody can see it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>So you have to change the workflows =
pubished state=20
permission mapping so that not the role Anonymous but the role Student =
has view=20
permission.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Robert</FONT></DIV>
<BLOCKQUOTE=20
style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =
0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV=20
  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
  <A href=3D"mailto:Anton.Hughes@utas.edu.au" =
title=3DAnton.Hughes@utas.edu.au>Anton=20
  Hughes</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
href=3D"mailto:zope-cmf@zope.org"=20
  title=3Dzope-cmf@zope.org>zope-cmf@zope.org</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Monday, February 03, 2003 =
6:13=20
  AM</DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> [Zope-CMF] Local =
roles,=20
  workgroups and workflow</DIV>
  <DIV><BR></DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial size=3D2>Hi=20
  all,</FONT></SPAN></DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial=20
  size=3D2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial size=3D2>I've =
set up a=20
  portal in which I'm using local roles to restrict access to particular =

  folders. Only people with the role 'Student' assigned to them can =
View, etc=20
  the contents of these folders. However, when I publish a news item in =
one of=20
  these folders, it shows up in the news box on the front page and =
anyone can=20
  read it. </FONT></SPAN></DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial=20
  size=3D2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial size=3D2>I've =
tried turning=20
  on and off permissions, in line with the info on cmf.zope.org's FAQ =
section on=20
  workgroups, but to no avail. Should I be customising the catalog query =
for the=20
  news box, changing the workflow or am I still not setting the =
permissions=20
  correctly?</FONT></SPAN></DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial=20
  size=3D2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial=20
  size=3D2>Thanks,</FONT></SPAN></DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial=20
  size=3D2></FONT></SPAN>&nbsp;</DIV>
  <DIV><SPAN class=3D807470705-03022003><FONT face=3DArial =
size=3D2>Anton=20
  Hughes</FONT></SPAN></DIV>
  <DIV><FONT face=3DArial size=3D2>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN=20
  class=3D447284401-03092002></SPAN></FONT></FONT><FONT =
face=3DArial><FONT=20
  size=3D2><SPAN =
class=3D447284401-03092002></SPAN></FONT></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Data=20
  Administrator</SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Childhood=20
  Determinants of Adult Health Project</SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Menzies=20
  Centre for Population Health Research</SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Private Bag=20
  23, </SPAN></FONT></FONT><FONT face=3DArial><FONT size=3D2><SPAN=20
  class=3D447284401-03092002>Hobart Tasmania =
7001</SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN=20
  class=3D447284401-03092002></SPAN></FONT></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Email: <A=20
  =
href=3D"mailto:anton.hughes@utas.edu.au">anton.hughes@utas.edu.au</A></SP=
AN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Web:=20
  &nbsp;<A=20
  =
href=3D"http://www.menzies.utas.edu.au/cohort/CDAH.htm">http://www.menzie=
s.utas.edu.au/cohort/CDAH.htm</A></SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial><FONT size=3D2><SPAN =
class=3D447284401-03092002>Phone: +61=20
  (0) 3 6226 7761</SPAN></FONT></FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3D"Courier New"=20
  =
size=3D1>=3D+=3D+=3D+=3D=3D=3D+++=3D=3D=3D=3D=3D+++++=3D=3D=3D=3D=3D=3D=3D=
=3D=3D+++++++++<BR></FONT><FONT size=3D1><FONT=20
  size=3D2><FONT face=3D"Courier New" size=3D1>Windows NT crashed.<BR>I =
am the Blue=20
  Screen of Death.<BR>No one hears your=20
  screams.</FONT></DIV></FONT></FONT></FONT></DIV>
  <DIV>&nbsp;</DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0021_01C2CB4B.2CB880B0--