[Zope-CMF] Re: Worklists and local roles again

Rainer Thaden <thadi@gmx.de>
Thu, 24 Jul 2003 15:45:50 +0200


RT> I looked for some postings on worklists and local roles but didn't
RT> find one that solves my problem.

RT> Let's say we have content organised in different folders, we have a
RT> user with a manager role and one with a reviewer role defined in the
RT> site root and a private-pending-published workflow.

RT> For this case everything works fine. We just define a worklist for
RT> pending items and set 'Review portal content' as necessary permission
RT> in the guard. The permission is checked against the portal root as I
RT> understand it, so the users with the role 'Reviewer' and 'Manager'
RT> defined in the CMF site root will see the worklist.

RT> But if I want to give a certain user a 'Manager' local role for one
RT> folder so that he is able to publish and delete items in that folder
RT> he does not see the pending items worklist, because he is a 'Member'
RT> in the context of the portal root and does not have the 'Review portal
RT> content' permission.

RT> One easy solution would be to delete the 'Review portal content'
RT> permission in the guard of the worklist so that the visibility of the
RT> worklist is determined by the access rights of the user but then every
RT> member would see the worklist because the pending items are visible to
RT> all members and I don't want to change that.

RT> If I want to define a special worklist for this case what do I need to
RT> put in the guard permissions or roles?
RT> Is it possible to check the permission against the folder or object?
RT> The 'category' in the worklist determines only the location of the
RT> worklist link in the actions box, right?


I just found one ugly solution for this:
I defined a new worklist with

review_state = pending

URL = %(portal_url)s/search?review_state=pending

Category = global

and

Guard Expression =
python:here.portal_membership.getAuthenticatedMember().id=='userid'

where userid is the id of the user who sees the worklist. Problem: the
user id is hardcoded. If I pass over the webadmin job to another
person I have to document this exactly.


-- 
Regards,
 Rainer                            mailto:thadi@gmx.de
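
The root-versus-folder permission check discussed in this message, as an added example that is not part of the original post and is not DCWorkflow code: a simplified Python model of role resolution with local roles. The user ids, paths, role-to-permission map and function names are all constructed for illustration.

```python
# Simplified model of Zope/CMF role resolution; not DCWorkflow's real code.
REVIEW = "Review portal content"
ROLE_PERMISSIONS = {            # constructed role -> permission map
    "Manager": {REVIEW, "View"},
    "Reviewer": {REVIEW, "View"},
    "Member": {"View"},
}
GLOBAL_ROLES = {                # roles assigned in the site root (constructed)
    "admin": {"Manager"},
    "rev": {"Reviewer"},
    "alice": {"Member"},
    "bob": {"Member"},
}
LOCAL_ROLES = {                 # folder path -> {user: local roles} (constructed)
    "/site/news": {"alice": {"Manager"}},
}
PENDING = ["/site/news/item1", "/site/docs/item2"]   # pending items (constructed)


def roles_in_context(user, path):
    """Global roles plus local roles granted on the path or any ancestor."""
    roles = set(GLOBAL_ROLES.get(user, ()))
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        folder = "/" + "/".join(parts[:i])
        roles |= LOCAL_ROLES.get(folder, {}).get(user, set())
    return roles


def has_permission(permission, user, path):
    """True if any role the user holds in this context grants the permission."""
    return any(permission in ROLE_PERMISSIONS[r]
               for r in roles_in_context(user, path))


def visible_with_root_guard(user):
    """Guard permission evaluated against the portal root, as in the post."""
    return has_permission(REVIEW, user, "/site")


def reviewable_pending(user):
    """Pending items on which the user holds the review permission in context."""
    return [p for p in PENDING if has_permission(REVIEW, user, p)]


def visible_with_context_check(user):
    """Show the worklist only if at least one pending item is reviewable."""
    return bool(reviewable_pending(user))
```

In this model the local 'Manager' (alice) fails the root-level guard but passes the per-item check, while a plain 'Member' (bob) fails both, with no user id hardcoded.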