[Zope-CMF] using review_history and proxy roles to get published
date
Dieter Maurer
dieter at handshake.de
Fri Jan 23 15:28:44 EST 2004
Travis N. Vaught wrote at 2004-1-23 06:25 -0600:
>Is it possible to use proxy roles in a python script like this:
> ...
>review_history = container.portal_workflow.getInfoFor(result_obj,
>'review_history');
>
>last_published_review = [review for review in review_history if
>review.get('action','')=='publish'];
>
>last_published_date =
>context.toPortalTime(last_published_review[0]['time'], long_format=1)
>
>return last_published_date
>
>I'm trying to get a published date from the cmf document. It works
>great for owners and reviewers, but hands back...
>
>Error Details
>Error Type
>WorkflowException
>Error Value
>Could not get info: review_history
When you protect the workflow variable "review_history" with
a permission, then, almost surely, DCWorkflow uses
"AccessControl.SecurityManager.SecurityManager.checkPermission"
for verification.
This does not respect proxy roles (probably a bug!).
> ...
>I've got a proxy role of reviewer set on the script. Am I wrong in
>trying this approach?
I fear it will not work.
Maybe, you can remove the guard on "review_history"?
If not, you can try to the corresponding WorkflowTool method
directly in an external method and provide there your own
security check.
--
Dieter
More information about the Zope-CMF
mailing list