[Zope-CMF] DCWorkflow: Worklist visible to a special member
John Morton
jwm@plain.co.nz
Thu, 13 Feb 2003 22:13:58 +1300
On Thu, 13 Feb 2003 21:34, Raphael Ritz wrote:
> Rainer Thaden wrote:
> >What do i have to enter in the 'Guard' property in the worklist to
> >make the worklist visible to only the one who submitted the content?
>
> Isn't it sufficient to specify 'Role(s)' as 'Owner' under the 'Gards'?
You don't want to do this. Worklists effectively get a double wammy of access
control evaualtion - once, in the context of the site root[1], to see if the
user can execute that particular worklist, and again when it runs the catalog
query that finds out how many objects of a given
'state_variable=target_state' exist in the site, as those objects only show
up in the query if you can view them.
So what you want to do is ignore the tantalizing, candy-like Guard fields in
the worklist configuration, and, instead, set the permissons matrix for
content in the rejected state (or whatever) to insure that only the owner of
that content can see it (and whatever reviewer roles, as well).
I'm pretty sure all of this is explained in the online help section for
DCWorkflows, but it's possible folks just haven't thought to look there.
Maybe it's time the ZMI for DCworkflows was tweaked.
John
[1] There is a reason why it's evaluated at the siteroot, but I've forgotten
what it is.