[Zope-CMF] CMF 1.2: 'private' objects visible to 'Member' users
Tres Seaver
tseaver@zope.com
Thu, 14 Mar 2002 08:20:17 -0500 (EST)
On Thu, 14 Mar 2002, Ernie wrote:
>
> I'm using Zope 2.5.0 with the Mar 2003 hotfix, CMF 1.2.
>
> For some reason, newly created objects which are still 'private' can be seen by
> other ordinary members in the folder listing, and furthermore, viewed. However,
> anonymous users will not see such resources in the folder listing.
>
> The permissions "access future/inactive portal content" are not checked for
> ordinary members.
>
> Any idea why this may be so?
>
> Thanks in advance -- cheers,ernie.
At a guess, you are also using DCWorkflow, from a version prior to
the most recent CVS (e.g., the 0.4.2 release). It had this bug for
the "default" workflows. As a workaround:
- Visit the "private" state's "Security" tab, and uncheck the
"View" and "Access contents information" permissions for the
Anonymous role.
- Likewise update the "pending" state.
- On the "Workflows" tab of the workflow tool, click the "Update
security settings" button; this visits all workflowed content,
adjusting the role-permission mappings, and recataloguing it.
If you aren't using DCWorkflow, please let us know.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.org