[Zope-CMF] Allowed content types (CMF 1.5 - Roadmap)

Florent Guillaume fg at nuxeo.com
Mon May 10 09:13:50 EDT 2004


In article <opr4r225y0vhba00 at serafin> you write:
> (CC-ing this to Plone Developers, as they feel this pain very often, and  
> can surely explain the scenario a bit more in-depth than yours truly :)
> 
> Hi,
> 
> Since we're still talking about CMF 1.5 and the roadmap, I was surprised  
> that no-one mentioned the #1 most requested feature in the CMF: Deciding  
> who can add what where.
> 
> Roles-based Add Permission is already possible on a global level, what's  
> needed is a way to allow this on a *per-content-type* basis.
> 
> Something like this:
>                     Manager Reviewer Member
> CMF: Add Document   [x]     [ ]      [x]
> CMF: Add News Item  [x]     [ ]      [ ]
> CMF: Add Event      [x]     [x]      [ ]
> 
> The current CMF notion of having *one* permission that is common to all  
> content types is pretty restricting. Similarly, there should be such  
> permissions for Deleting/Modifying the different content types. (Also, if  
> this is happening and new permissions are needed, it would be nice to  
> follow the Product: Permission Name naming convention. Minor nitpick, but  
> you all know how hard it is to find the permission you need in a list of  
> 300 alphabetically sorted permissions. :)
> 
> You generally manage permissions with workflows in the CMF, and it would  
> also be a nice benefit to apply this on individual content types - say if  
> you wanted only Documents to be addable in one state, and only  
> DocumentReviews to be addable in the next state.
> 
> In Plone, we have 'getAllowedTypes' and 'getNotAddableTypes' to control  
> what shows up in the menu, but this is not really a security restriction -  
> only a way to avoid 200 content types in the Add menu. It gets pretty  
> nasty on big sites with lots of different content types when you can add  
> anything anywhere. (Yes, I know you can repurpose folders and restrict the  
> set of addable objects, but guess what? Types explosion isn't lessened by  
> this. ;)

I also agree that content creation should be driven by the workflow. In
CPS 3 we use the following strategy: when an object is created, a
special transition in the workflow (one that has a special "initial
transition" flag) is followed.

If the transition has a guard that's false, then creation is not
possible. If the guard allows it, then the object is created in the
destination state for the transition (and transition scripts may be
executed).

So to check if an object can be created somewhere, we find all
transitions with the "initial transition" flag in the workflow for the
to-be-created content type, and check their guard.

HTH,

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg at nuxeo.com
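
The creation check described in the message above, as an added example that is not part of the original post and is not CPS or CMF code. All class and function names are hypothetical, guards are modelled as a plain set of roles, and picking the first passing transition is an assumption.

```python
from dataclasses import dataclass, field

class Unauthorized(Exception):
    """Raised when no initial transition's guard allows the creation."""

@dataclass(frozen=True)
class Transition:
    name: str
    destination: str                       # state the new object starts in
    initial: bool = False                  # the "initial transition" flag
    guard_roles: frozenset = frozenset()   # assumption: empty guard is always true

    def guard_ok(self, roles):
        return not self.guard_roles or bool(self.guard_roles & set(roles))

@dataclass
class Workflow:
    transitions: list = field(default_factory=list)

    def creation_transitions(self, roles):
        """Initial transitions whose guard passes for these roles."""
        return [t for t in self.transitions if t.initial and t.guard_ok(roles)]

# Constructed sample data: one workflow per content type.
WORKFLOWS = {
    "Document": Workflow([
        Transition("create", "draft", initial=True,
                   guard_roles=frozenset({"Manager", "Member"})),
        # Not an initial transition, so it never grants creation.
        Transition("publish", "published", guard_roles=frozenset({"Reviewer"})),
    ]),
    "News Item": Workflow([
        Transition("create", "pending", initial=True,
                   guard_roles=frozenset({"Manager"})),
    ]),
}

def can_create(portal_type, roles):
    """Deny by default: a type with no workflow has no initial transition."""
    wf = WORKFLOWS.get(portal_type)
    return bool(wf and wf.creation_transitions(roles))

def create(portal_type, roles):
    """Enforce the guard at creation time, not only when building the Add menu."""
    wf = WORKFLOWS.get(portal_type)
    allowed = wf.creation_transitions(roles) if wf else []
    if not allowed:
        raise Unauthorized(f"{sorted(roles)} may not create {portal_type}")
    chosen = allowed[0]  # assumption: the first passing transition is followed
    return {"portal_type": portal_type, "review_state": chosen.destination}
```

Because `create` repeats the guard check itself, hiding a type from the menu and refusing to create it are the same decision rather than two separate lists.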


