[Zope-CMF] Re: [CMF-checkins] CVS: CMF/CMFCore - CatalogTool.py:1.30.4.7

Sidnei da Silva sidnei@x3ng.com
Sun, 27 Apr 2003 17:26:38 -0300


Yuppie wrote:

> Hi!
>
>
> Sidnei da Silva wrote:
>
>> Yuppie wrote:
>
> [...]
>
>>> If I understand your checkin correctly, allowedRolesAndUsers now 
>>> returns users that don't have the local role 'Owner' and might not 
>>> have a 'View' permission. 
>>
>>
>>
>> No. With my change the user that created the object (and is the 
>> object Owner) is included on allowedRolesAndUsers if the Owner role 
>> has the View permission on the object. As Shane pointed out, the best 
>> solution would be giving the local role of Owner to the user that 
>> created the object instead.
>
>
> 1.) I can't reproduce the problem you resolved. AFAICT users creating 
> objects *are* given the local role of Owner.
>
> 2.) If the 'View' permission depends on the role 'Owner', owners 
> without the role 'Owner' can't view the object.
>
> Or am I missing something? 

Hummm... No. I think that Im missing something. I just confirmed that 
youre right, and the user seems to have the local role of owner when 
creating objects on his home folder. I cant test the setup I was working 
with right now though, which was quite different, and maybe im looking 
at the wrong place.

I was using CMFCommerce. As a normal 'Member', I buy something. When I 
checkout, my Order is created and placed on portal_commerce/orders. The 
initial workflow state sets the View permission on the order only to 
Manager and Owner. Now, for some reason the user didnt make it to 
allowedRolesAndUsers, and as the Owner role is removed from the list, 
the user couldnt find his Order by searching. I looked in portal_catalog 
and only 'Manager' was on allowedRolesAndUsers. Ill recheck this 
tomorrow when I get to the office.

~dc