[Zope-CMF] dcworkflow variables and security ManagePortal

Dieter Maurer dieter at handshake.de
Sun Jan 25 18:11:46 EST 2004


Sune Brøndum Wøller wrote at 2004-1-23 18:35 +0100:
> ...
>Here comes the real problem:
>
>BUT, apparently you are only allowed to 'work with'
>variables if you have the permission
>"ManagePortal". When my normal members submit content
>the state_title variable is set to None. When I give the member-role
>the permission "ManagePortal" it works, the variable is updated on
>every transition.
>
>
>In the code Variables.py:
>
>class VariableDefinition (SimpleItem):
>    meta_type = 'Workflow Variable'
>
>    security = ClassSecurityInfo()
>    security.declareObjectProtected(ManagePortal)
>...
>
>
>
>Why is this so ?
>I guess it should be changed... ?

This security declaration should not be relevant for the setting
of workflow variables (as this is done from Python product
code not restricted by the security mechanism).

In no case should a missing permission cause a different value
to be stored in the variable (you should get an "Unauthorized"
exception instead).

I think I use workflow variables successfully, i.e. I do not observe
the behaviour you report...

-- 
Dieter


