[Zope-CMF] [dev] CMF 1.4 alpha

[Hamish Harvey (David)]

On Friday 28 Feb 2003 9:40 am, Chris Withers wrote:
> Florent Guillaume wrote:

> > - controlling creation: that's really controlling the calling of the
> > constructInstance method on the TI. And isConstructionAllowed has to be
> > kept in sync. So the test for a creation permission should really be in
> > isConstructionAllowed.
>
> Indeed. I think my original 'fix' which introduced the 'View' permission
> thing on the TI was a bit broken, since you have to be able to 'View' the
> TI to view content of that type, and my effectively meant that you had to
> be able to create content of a particular type in order to be able to view
> it :-(

Bingo.

> > Ok so I guess my position is now that an "Add instances" permission is
> > fine. Let's not reuse other permissions, it's not clean.
>
> Yeah, I'd like to see my 'View' permission hack remvoed to, what do people
> think?

It's sounding like this is a necessary step in any clean solution to the 
problem.

> > This doesn't prevent us from adding more fine-grained guards on the
> > creation, like a TALES guard. This would solve the problem of people who
> > want to create only certain types in certain folders.
>
> ...that's already handled by the TI's 'can contain' list. I'd prefer not to
> add any unnecessary complexity...

The "can contain" list solves the "people want to create only certain types in 
certain *types* of folder (folderish)". It doesn't allow people to specify on 
a per-folder-instance basis what types can be added (eg in the /news folder) 
without a kludge:

I achieved this effect by creating multiple FTIs based on PortalFolder (I 
presume, it was a while ago) and using the 'can contain' list on those custom 
types. A LinkFolder is only allowed to contain other LinkFolder and Links, 
for example.

I draw attention to this only because I see a difference, not because I need 
the feature. 

Cheers,
Hamish