[Zope-CMF] Proposed default workflow policy change

[Shane Hathaway]

I think the default workflow policy has generated a fair amount of
confusion among CMF users.  Part of the policy is that new objects are
not accessible by anyone but the creator and reviewers.  Items have to
be published before they are accessible in any way.

I would like to propose we change this policy slightly.  One goal was to
prevent random users from uploading random content that is immediately
visible, which can be a security hazard. But this goal may be misguided
because we're not talking about random users.  Presumably anyone who is
a member has some degree of trust.  Sites where anyone can create a free
acount usually verify the user's email address in some way, thus
establishing minimal trust. There are other measures that can be taken
to establish trust.  

So I think we should abandon that goal.  It's useful that new objects
aren't immediately accessible, but I think users should be able to make
their own content accessible without it being published.

So I propose that objects in the "pending" state be made accessible
immediately.  Pending items wouldn't show up in catalog searches unless
requested on the advanced search form.

Shane