How to make private contents
35 views
Skip to first unread message
Tetsuya Morimoto
Aug 15, 2012, 4:08:59 AM8/15/12
to ko...@googlegroups.com
Hi,
I want to control private contents for each users. For example,
there're user1 and user2. The user1 made content1, then the content1
is viewed by user1 only. Also the user2 made content2, then content2
is viewed by user2 only.
I found a document about kotti security. Should I implement an
appropriate kotti.principals_factory? Or can I use some
repoze.workflow features?
http://kotti.readthedocs.org/en/latest/developer-manual.html#develop-security
thanks,
Tetsuya
I want to control private contents for each users. For example,
there're user1 and user2. The user1 made content1, then the content1
is viewed by user1 only. Also the user2 made content2, then content2
is viewed by user2 only.
I found a document about kotti security. Should I implement an
appropriate kotti.principals_factory? Or can I use some
repoze.workflow features?
http://kotti.readthedocs.org/en/latest/developer-manual.html#develop-security
thanks,
Tetsuya
Christian Ledermann
Aug 15, 2012, 4:41:52 AM8/15/12
to ko...@googlegroups.com
On Wed, Aug 15, 2012 at 11:08 AM, Tetsuya Morimoto
<tetsuya....@gmail.com> wrote:
> Hi,
>
> I want to control private contents for each users. For example,
> there're user1 and user2. The user1 made content1, then the content1
> is viewed by user1 only. Also the user2 made content2, then content2
> is viewed by user2 only.
yes this is how it works
<tetsuya....@gmail.com> wrote:
> Hi,
>
> I want to control private contents for each users. For example,
> there're user1 and user2. The user1 made content1, then the content1
> is viewed by user1 only. Also the user2 made content2, then content2
> is viewed by user2 only.
> I found a document about kotti security. Should I implement an
> appropriate kotti.principals_factory? Or can I use some
> repoze.workflow features?
> http://kotti.readthedocs.org/en/latest/developer-manual.html#develop-security
> thanks,
> Tetsuya
>
> --
>
>
--
Best Regards,
Christian Ledermann
Nairobi - Kenya
Mobile : +254 702978914
<*)))>{
If you save the living environment, the biodiversity that we have left,
you will also automatically save the physical environment, too. But If
you only save the physical environment, you will ultimately lose both.
1) Don’t drive species to extinction
2) Don’t destroy a habitat that species rely on.
3) Don’t change the climate in ways that will result in the above.
}<(((*>
Tetsuya Morimoto
Aug 15, 2012, 4:56:22 AM8/15/12
to ko...@googlegroups.com
Thank you for quick response!
> I don't understand your question here. what are you asking?
You mean that Kotti handles the private content for each users by
default, right?
I haven't yet understood how to configure/implement to do that.
Could you show me about sample code or detailed procedure?
thanks,
Tetsuya
> --
>
>
> I don't understand your question here. what are you asking?
default, right?
I haven't yet understood how to configure/implement to do that.
Could you show me about sample code or detailed procedure?
thanks,
Tetsuya
>
>
Christian Ledermann
Aug 15, 2012, 5:02:25 AM8/15/12
to ko...@googlegroups.com
On Wed, Aug 15, 2012 at 11:56 AM, Tetsuya Morimoto
<tetsuya....@gmail.com> wrote:
> Thank you for quick response!
>
>> I don't understand your question here. what are you asking?
> You mean that Kotti handles the private content for each users by
> default, right?
yes. you have to test this with two 'normal' users, the admin can see eveything.
<tetsuya....@gmail.com> wrote:
> Thank you for quick response!
>
>> I don't understand your question here. what are you asking?
> You mean that Kotti handles the private content for each users by
> default, right?
> I haven't yet understood how to configure/implement to do that.
> Could you show me about sample code or detailed procedure?
that have this behavior?
Note you need the newest version of kotti with workflow integration
Tetsuya Morimoto
Aug 15, 2012, 5:34:04 AM8/15/12
to ko...@googlegroups.com
I made two users (user1 and user2) with Viewer and Editor permission.
The user1 made "user1-document", and then user2 can view and edit the
content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
e620df0f75), latest in this time.
> Do you want to implement new custom types that have this behavior?
Maybe, yes. But before doing so, I have to learn current feature since
it might be enough for me.
thanks,
Tetsuya
On Wed, Aug 15, 2012 at 6:02 PM, Christian Ledermann
> --
>
>
The user1 made "user1-document", and then user2 can view and edit the
content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
e620df0f75), latest in this time.
> Do you want to implement new custom types that have this behavior?
it might be enough for me.
thanks,
Tetsuya
On Wed, Aug 15, 2012 at 6:02 PM, Christian Ledermann
>
>
Daniel Nouri
Aug 15, 2012, 5:58:02 AM8/15/12
to ko...@googlegroups.com, Tetsuya Morimoto
On 08/15/2012 11:34 AM, Tetsuya Morimoto wrote:
> I made two users (user1 and user2) with Viewer and Editor permission.
> The user1 made "user1-document", and then user2 can view and edit the
> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
> e620df0f75), latest in this time.
It's because users with the editor role can view and edit private
> I made two users (user1 and user2) with Viewer and Editor permission.
> The user1 made "user1-document", and then user2 can view and edit the
> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
> e620df0f75), latest in this time.
items in the default workflow. From workflow.zcml:
<state name="private" callback="kotti.workflow.workflow_callback">
...
<key name="role:editor" value="view add edit state_change" />
...
</state>
I _think_ it makes sense to give the editor that, but not 100% sure.
Daniel
>>>>
>>>> 2) Don�t destroy a habitat that species rely on.
>>>>
>>>> 3) Don�t change the climate in ways that will result in the above.
>>>>
>>>> }<(((*>
>>>>
>>>> --
>>>>
>>>>
>>>
>>> --
>>>
>>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> Christian Ledermann
>>
>> Nairobi - Kenya
>> Mobile : +254 702978914
>>
>> <*)))>{
>>
>> If you save the living environment, the biodiversity that we have left,
>> you will also automatically save the physical environment, too. But If
>> you only save the physical environment, you will ultimately lose both.
>>
>> 1) Don�t drive species to extinction
>>>> }<(((*>
>>>>
>>>> --
>>>>
>>>>
>>>
>>> --
>>>
>>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> Christian Ledermann
>>
>> Nairobi - Kenya
>> Mobile : +254 702978914
>>
>> <*)))>{
>>
>> If you save the living environment, the biodiversity that we have left,
>> you will also automatically save the physical environment, too. But If
>> you only save the physical environment, you will ultimately lose both.
>>
>>
>> 2) Don�t destroy a habitat that species rely on.
>>
>> 3) Don�t change the climate in ways that will result in the above.
>>
>> }<(((*>
>>
>> --
>>
>>
>
Christian Ledermann
Aug 15, 2012, 7:11:34 AM8/15/12
to ko...@googlegroups.com
On Wed, Aug 15, 2012 at 12:58 PM, Daniel Nouri <daniel...@gmail.com> wrote:
> On 08/15/2012 11:34 AM, Tetsuya Morimoto wrote:
>>
>> I made two users (user1 and user2) with Viewer and Editor permission.
>> The user1 made "user1-document", and then user2 can view and edit the
>> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
>> e620df0f75), latest in this time.
>
>
> It's because users with the editor role can view and edit private
> items in the default workflow. From workflow.zcml:
>
> <state name="private" callback="kotti.workflow.workflow_callback">
> ...
> <key name="role:editor" value="view add edit state_change" />
> ...
> </state>
>
> I _think_ it makes sense to give the editor that, but not 100% sure.
+1
> On 08/15/2012 11:34 AM, Tetsuya Morimoto wrote:
>>
>> I made two users (user1 and user2) with Viewer and Editor permission.
>> The user1 made "user1-document", and then user2 can view and edit the
>> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
>> e620df0f75), latest in this time.
>
>
> It's because users with the editor role can view and edit private
> items in the default workflow. From workflow.zcml:
>
> <state name="private" callback="kotti.workflow.workflow_callback">
> ...
> <key name="role:editor" value="view add edit state_change" />
> ...
> </state>
>
> I _think_ it makes sense to give the editor that, but not 100% sure.
but as it is currently the case you need the editor role to add content.
would it make sense to you to add a 'contributor' (or so) role who
can add content and only edit his own contents?
>>>>>
>>>>> 2) Don’t destroy a habitat that species rely on.
>>>>>
>>>>> 3) Don’t change the climate in ways that will result in the above.
>>>>>
>>>>> }<(((*>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> Christian Ledermann
>>>
>>> Nairobi - Kenya
>>> Mobile : +254 702978914
>>>
>>> <*)))>{
>>>
>>> If you save the living environment, the biodiversity that we have left,
>>> you will also automatically save the physical environment, too. But If
>>> you only save the physical environment, you will ultimately lose both.
>>>
>>> 1) Don’t drive species to extinction
>>>>> }<(((*>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> Christian Ledermann
>>>
>>> Nairobi - Kenya
>>> Mobile : +254 702978914
>>>
>>> <*)))>{
>>>
>>> If you save the living environment, the biodiversity that we have left,
>>> you will also automatically save the physical environment, too. But If
>>> you only save the physical environment, you will ultimately lose both.
>>>
>>>
>>> 2) Don’t destroy a habitat that species rely on.
>>>
>>> 3) Don’t change the climate in ways that will result in the above.
>>>
>>> }<(((*>
>>>
>>> --
>>>
>>>
>>
>
> --
>
>
--
Best Regards,
Christian Ledermann
Nairobi - Kenya
Mobile : +254 702978914
<*)))>{
If you save the living environment, the biodiversity that we have left,
you will also automatically save the physical environment, too. But If
you only save the physical environment, you will ultimately lose both.
1) Don’t drive species to extinction
>>> }<(((*>
>>>
>>> --
>>>
>>>
>>
>
> --
>
>
--
Best Regards,
Christian Ledermann
Nairobi - Kenya
Mobile : +254 702978914
<*)))>{
If you save the living environment, the biodiversity that we have left,
you will also automatically save the physical environment, too. But If
you only save the physical environment, you will ultimately lose both.
2) Don’t destroy a habitat that species rely on.
3) Don’t change the climate in ways that will result in the above.
}<(((*>
Daniel Nouri
Aug 15, 2012, 7:24:49 AM8/15/12
to ko...@googlegroups.com
On 08/15/2012 01:11 PM, Christian Ledermann wrote:
> On Wed, Aug 15, 2012 at 12:58 PM, Daniel Nouri <daniel...@gmail.com> wrote:
>> On 08/15/2012 11:34 AM, Tetsuya Morimoto wrote:
>>>
>>> I made two users (user1 and user2) with Viewer and Editor permission.
>>> The user1 made "user1-document", and then user2 can view and edit the
>>> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
>>> e620df0f75), latest in this time.
>>
>>
>> It's because users with the editor role can view and edit private
>> items in the default workflow. From workflow.zcml:
>>
>> <state name="private" callback="kotti.workflow.workflow_callback">
>> ...
>> <key name="role:editor" value="view add edit state_change" />
>> ...
>> </state>
>>
>> I _think_ it makes sense to give the editor that, but not 100% sure.
>
> +1
>
> but as it is currently the case you need the editor role to add content.
>
> would it make sense to you to add a 'contributor' (or so) role who
> can add content and only edit his own contents?
Fine with me. Would this follow Tetsuya's expectations?
> On Wed, Aug 15, 2012 at 12:58 PM, Daniel Nouri <daniel...@gmail.com> wrote:
>> On 08/15/2012 11:34 AM, Tetsuya Morimoto wrote:
>>>
>>> I made two users (user1 and user2) with Viewer and Editor permission.
>>> The user1 made "user1-document", and then user2 can view and edit the
>>> content. It doesn't work for me. I used Kotti-0.7dev8 (github: master
>>> e620df0f75), latest in this time.
>>
>>
>> It's because users with the editor role can view and edit private
>> items in the default workflow. From workflow.zcml:
>>
>> <state name="private" callback="kotti.workflow.workflow_callback">
>> ...
>> <key name="role:editor" value="view add edit state_change" />
>> ...
>> </state>
>>
>> I _think_ it makes sense to give the editor that, but not 100% sure.
>
> +1
>
> but as it is currently the case you need the editor role to add content.
>
> would it make sense to you to add a 'contributor' (or so) role who
> can add content and only edit his own contents?
We can add this extra role in 0.7.1.
Daniel
Tetsuya Morimoto
Aug 15, 2012, 8:43:55 AM8/15/12
to ko...@googlegroups.com
forward to releasing.
thanks,
Tetsuya
Daniel Nouri
Aug 15, 2012, 1:06:27 PM8/15/12
to ko...@googlegroups.com
security.py where we'd need to add that 'role:contributor', and then in
workflow.zcml.
Daniel
Tetsuya Morimoto
Aug 15, 2012, 10:52:31 PM8/15/12
to ko...@googlegroups.com
> If someone wants to help out with this, there's a few places in security.py
> where we'd need to add that 'role:contributor', and then in workflow.zcml.
I'm learning Kotti security feature, so I try to help out.
> where we'd need to add that 'role:contributor', and then in workflow.zcml.
>
>
Christian Ledermann
Aug 16, 2012, 2:18:45 AM8/16/12
to ko...@googlegroups.com
On Thu, Aug 16, 2012 at 5:52 AM, Tetsuya Morimoto
<tetsuya....@gmail.com> wrote:
>> If someone wants to help out with this, there's a few places in security.py
as far as i can see add
<tetsuya....@gmail.com> wrote:
>> If someone wants to help out with this, there's a few places in security.py
in security.py to ROLES:
u'role:contributor': Principal(u'role:contributor', title=_(u'Contributor')),
and in SITE_ACL:
['Allow', 'role:contributor', ['add']],
As the creator of an item gets the role 'Owner' (does he? scanning the code
I did not find it) the workflow should be OK as is
Daniel Nouri
Aug 16, 2012, 3:31:22 AM8/16/12
to ko...@googlegroups.com
On 08/16/2012 08:18 AM, Christian Ledermann wrote:
> On Thu, Aug 16, 2012 at 5:52 AM, Tetsuya Morimoto
> <tetsuya....@gmail.com> wrote:
>>> If someone wants to help out with this, there's a few places in security.py
>
> as far as i can see add
>
> in security.py to ROLES:
>
> u'role:contributor': Principal(u'role:contributor', title=_(u'Contributor')),
>
> and in SITE_ACL:
>
> ['Allow', 'role:contributor', ['add']],
>
>
> As the creator of an item gets the role 'Owner' (does he? scanning the code
> I did not find it) the workflow should be OK as is
Yes, he does. The owner is set in 'kotti.events.set_owner' (if it
> On Thu, Aug 16, 2012 at 5:52 AM, Tetsuya Morimoto
> <tetsuya....@gmail.com> wrote:
>>> If someone wants to help out with this, there's a few places in security.py
>
> as far as i can see add
>
> in security.py to ROLES:
>
> u'role:contributor': Principal(u'role:contributor', title=_(u'Contributor')),
>
> and in SITE_ACL:
>
> ['Allow', 'role:contributor', ['add']],
>
>
> As the creator of an item gets the role 'Owner' (does he? scanning the code
> I did not find it) the workflow should be OK as is
hasn't been set before).
Daniel
Tetsuya Morimoto
Aug 16, 2012, 5:19:30 AM8/16/12
to ko...@googlegroups.com
Hi,
I'm debugging now. I encountered a little complicated situation. I
added "role:contributor" and modified
security.py/populate.py/workflow.zcml as follows.
kotti/security.py
SITE_ACL = [
['Allow', 'system.Everyone', ['view']],
['Allow', 'role:viewer', ['view']],
['Allow', 'role:editor', ['view', 'add', 'edit', 'state_change']],
['Allow', 'role:owner', ['view', 'add', 'edit', 'manage',
'state_change']],
['Allow', 'role:contributor', ['view', 'add']],
]
kotti/populate.py (for debugging)
def populate():
if DBSession.query(Node).count() == 0:
root = Document(**_ROOT_ATTRS)
root.__acl__ = SITE_ACL
print 'SITE_ACL:'
print root.__acl__
DBSession.add(root)
root['about'] = Document(**_ABOUT_ATTRS)
wf = get_workflow(root)
if wf is not None:
DBSession.flush() # Initializes workflow
print 'after DBSession.flush():'
print root.__acl__
wf.transition_to_state(root, None, u'public')
print 'after wf.transition_to_state(root, None,
"public"):'
print root.__acl__
kotti/workflow.zcml
<state name="public" callback="kotti.workflow.workflow_callback">
.. (snip) ..
<key name="role:contributor" value="view" />
</state>
I got some debug output as follows when a root content was populated.
SITE_ACL:
[['Allow', 'system.Everyone', ['view']],
['Allow', 'role:viewer', ['view']],
['Allow', 'role:editor', ['view', 'add', 'edit', 'state_change']],
['Allow', 'role:owner', ['view', 'add', 'edit', 'manage', 'state_change']],
['Allow', 'role:contributor', ['view', 'add']]]
after DBSession.flush():
[('Allow', 'role:owner', u'view'),
('Allow', 'role:owner', u'add'),
('Allow', 'role:owner', u'edit'),
('Allow', 'role:owner', u'manage'),
('Allow', 'role:owner', u'state_change'),
('Allow', 'role:viewer', u'view'),
('Allow', 'role:editor', u'view'),
('Allow', 'role:editor', u'add'),
('Allow', 'role:editor', u'edit'),
('Allow', 'role:editor', u'state_change'),
('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList
object at 0x23998d0>)]
after wf.transition_to_state(root, None, "public"):
[('Allow', 'role:contributor', u'view'),
('Allow', 'role:owner', u'view'),
('Allow', 'role:owner', u'add'),
('Allow', 'role:owner', u'edit'),
('Allow', 'role:owner', u'manage'),
('Allow', 'role:owner', u'state_change'),
('Allow', 'role:viewer', u'view'),
('Allow', 'role:editor', u'view'),
('Allow', 'role:editor', u'add'),
('Allow', 'role:editor', u'edit'),
('Allow', 'role:editor', u'state_change'),
('Allow', 'system.Everyone', u'view'),
('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList
object at 0x23998d0>)]
After "wf.transition_to_state(root, None, u'public')" is executed,
"('Allow', 'role:contributor', u'view')" attribute is added by
referring to workflow.zcml. To be able to add a document to root
content by a user with "role:contributor", it need an "add"
permission. However, I don't want to set "add" permission for
"role:contributor" in workflow.zcml, because another user with
"role:contributor" can add any private contents.
I don't know why "role:contributor" attribute is not added to
root.__acl__ when "root.__acl__ = SITE_ACL" is set and
"DBSession.flush()" is executed. Is my thinking something wrong?
thanks,
Tetsuya
> --
>
>
I'm debugging now. I encountered a little complicated situation. I
added "role:contributor" and modified
security.py/populate.py/workflow.zcml as follows.
kotti/security.py
SITE_ACL = [
['Allow', 'system.Everyone', ['view']],
['Allow', 'role:viewer', ['view']],
['Allow', 'role:editor', ['view', 'add', 'edit', 'state_change']],
['Allow', 'role:owner', ['view', 'add', 'edit', 'manage',
'state_change']],
['Allow', 'role:contributor', ['view', 'add']],
]
kotti/populate.py (for debugging)
def populate():
if DBSession.query(Node).count() == 0:
root = Document(**_ROOT_ATTRS)
root.__acl__ = SITE_ACL
print 'SITE_ACL:'
print root.__acl__
DBSession.add(root)
root['about'] = Document(**_ABOUT_ATTRS)
wf = get_workflow(root)
if wf is not None:
DBSession.flush() # Initializes workflow
print 'after DBSession.flush():'
print root.__acl__
wf.transition_to_state(root, None, u'public')
print 'after wf.transition_to_state(root, None,
"public"):'
print root.__acl__
kotti/workflow.zcml
<state name="public" callback="kotti.workflow.workflow_callback">
.. (snip) ..
<key name="role:contributor" value="view" />
</state>
I got some debug output as follows when a root content was populated.
SITE_ACL:
[['Allow', 'system.Everyone', ['view']],
['Allow', 'role:viewer', ['view']],
['Allow', 'role:editor', ['view', 'add', 'edit', 'state_change']],
['Allow', 'role:owner', ['view', 'add', 'edit', 'manage', 'state_change']],
['Allow', 'role:contributor', ['view', 'add']]]
after DBSession.flush():
[('Allow', 'role:owner', u'view'),
('Allow', 'role:owner', u'add'),
('Allow', 'role:owner', u'edit'),
('Allow', 'role:owner', u'manage'),
('Allow', 'role:owner', u'state_change'),
('Allow', 'role:viewer', u'view'),
('Allow', 'role:editor', u'view'),
('Allow', 'role:editor', u'add'),
('Allow', 'role:editor', u'edit'),
('Allow', 'role:editor', u'state_change'),
('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList
object at 0x23998d0>)]
after wf.transition_to_state(root, None, "public"):
[('Allow', 'role:contributor', u'view'),
('Allow', 'role:owner', u'view'),
('Allow', 'role:owner', u'add'),
('Allow', 'role:owner', u'edit'),
('Allow', 'role:owner', u'manage'),
('Allow', 'role:owner', u'state_change'),
('Allow', 'role:viewer', u'view'),
('Allow', 'role:editor', u'view'),
('Allow', 'role:editor', u'add'),
('Allow', 'role:editor', u'edit'),
('Allow', 'role:editor', u'state_change'),
('Allow', 'system.Everyone', u'view'),
('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList
object at 0x23998d0>)]
After "wf.transition_to_state(root, None, u'public')" is executed,
"('Allow', 'role:contributor', u'view')" attribute is added by
referring to workflow.zcml. To be able to add a document to root
content by a user with "role:contributor", it need an "add"
permission. However, I don't want to set "add" permission for
"role:contributor" in workflow.zcml, because another user with
"role:contributor" can add any private contents.
I don't know why "role:contributor" attribute is not added to
root.__acl__ when "root.__acl__ = SITE_ACL" is set and
"DBSession.flush()" is executed. Is my thinking something wrong?
thanks,
Tetsuya
>
>
Daniel Nouri
Aug 16, 2012, 5:48:37 AM8/16/12
to ko...@googlegroups.com
the "add" permission.
> I don't know why "role:contributor" attribute is not added to
> root.__acl__ when "root.__acl__ = SITE_ACL" is set and
> "DBSession.flush()" is executed. Is my thinking something wrong?
the workflow. So if you have a workflow defined, the SITE_ACL will
actually be overwritten by what's in workflow.zcml.
Cheers,
Daniel
Tetsuya Morimoto
Aug 16, 2012, 6:38:55 AM8/16/12
to ko...@googlegroups.com
> The flush will initialize the root's __acl__ with what's defined in
> the workflow. So if you have a workflow defined, the SITE_ACL will
> actually be overwritten by what's in workflow.zcml.
I understood that overwriting SITE_ACL by workflow.zcml is specification.
> the workflow. So if you have a workflow defined, the SITE_ACL will
> actually be overwritten by what's in workflow.zcml.
Now, I modified workflow.zcml as follows. The root.__acl__ has
('Allow', 'role:contributor', u'view') and ('Allow',
'role:contributor', u'add').
workflow.zcml:
<state name="private" callback="kotti.workflow.workflow_callback">
.. (snip) ..
<key name="role:contributor" value="" />
</state>
<state name="public" callback="kotti.workflow.workflow_callback">
.. (snip) ..
</state>
Imagine there're user1 and user2 with with "role:contributor". In this
case, user2 cannot view user1's document if the document content is
private. Also, user1 cannot view user2's one. If user1 change its
state public, user2 can view and add a document into user1's document.
Is this appropriate behavior?
thanks,
Tetsuya
>
>
Andreas Kaiser
Aug 16, 2012, 7:20:04 AM8/16/12
to ko...@googlegroups.com
On 16.08.2012, at 12:38, Tetsuya Morimoto <tetsuya....@gmail.com> wrote:
>> The flush will initialize the root's __acl__ with what's defined in
>> the workflow. So if you have a workflow defined, the SITE_ACL will
>> actually be overwritten by what's in workflow.zcml.
> I understood that overwriting SITE_ACL by workflow.zcml is specification.
>
> Now, I modified workflow.zcml as follows. The root.__acl__ has
> ('Allow', 'role:contributor', u'view') and ('Allow',
> 'role:contributor', u'add').
>
> workflow.zcml:
>
> <state name="private" callback="kotti.workflow.workflow_callback">
> .. (snip) ..
> <key name="role:contributor" value="" />
> </state>
>
> <state name="public" callback="kotti.workflow.workflow_callback">
> .. (snip) ..
> <key name="role:contributor" value="view add" />
> </state>
>
> Imagine there're user1 and user2 with with "role:contributor". In this
> case, user2 cannot view user1's document if the document content is
> private. Also, user1 cannot view user2's one. If user1 change its
> state public, user2 can view and add a document into user1's document.
> Is this appropriate behavior?
If you really want these users to be able to add arbitrary children to all public nodes, then yes.
A more common use case might be that you want your users to have some kind of "home folder". In that case you wouldn't assign roles to your users globally at all. Instead you'd assign them locally on their respective "home folder" (or just make them the owner of that content node) and wouldn't need to change the default workflow at all.
HTH,
Andreas
Tetsuya Morimoto
Aug 16, 2012, 8:30:17 AM8/16/12
to ko...@googlegroups.com
"role:contribute" attribute and its behavior by default. Because,
Nouri said "role:contributor" will be added in Kotti 0.7.1.
Additionally, I learned we can set own "kotti.populators" and/or
"kotti.use_workflow" configuration even if my requirements is
different from Kotti's default behavior.
> A more common use case might be that you want your users to have some kind of "home folder". In that case you wouldn't assign roles to your users globally at all. Instead you'd assign them locally on their respective "home folder" (or just make them the owner of that content node) and wouldn't need to change the default workflow at all.
thanks,
Tetsuya
>
>
Daniel Nouri
Aug 17, 2012, 7:13:36 AM8/17/12
to ko...@googlegroups.com, Tetsuya Morimoto
worfklow for now. Unless we decide it's a general enough use case to
be there. (Third party apps can always add their own roles.)
Daniel
Tetsuya Morimoto
Aug 17, 2012, 7:43:41 AM8/17/12
to Daniel Nouri, ko...@googlegroups.com
workflow to achieve my needs. Thank you for giving me useful advices!
thanks,
Tetsuya
Reply all
Reply to author
Forward
0 new messages