I'm frustrated by what appears to be incongruity in the permissions required for copying and pasting objects vs. adding new objects, in a given folder.
I'm working on a custom workflow, and thought I had a role configured to be able to create new items in a folder (a typical 'contributor'-style role), only to discover that using the folder_contents view to copy and paste items into the folder was _NOT_ allowed. Turns out that the 'View management screens' permission is required to access the manage_pasteObjects function (as proxied through folder_paste.cpy). But 'View management screens' is also the gateway for all kinds of other stuff, besides just pasting items into a folder. It seems like an inappropriate and overly broad permission to associate with pasting objects. It seems to me that there is no difference whatsoever between adding a new item via the 'add item...' menu, and adding a new item by copying an existing item (and in fact I would expect both to adhere to the content restrictions for the container, making them even more functionally indistinguishable). Furthermore, the 'paste' action itself (as configured in portal_actions/folder_buttons) uses 'Add portal content' as the gating permission. That, at least, is exactly what I would expect. 'Add portal content' is precisely the permission that I was incorporating into my custom workflow. 'View management screens' seems like it shouldn't be involved in this scenario at all -- and yet there it is, sprinkled all over the CopySupport.py file. Any insight into this? Is it a bug? It feels like a bug. I can't in good conscience just give out the 'View management screens' permission to those users that need to be able to add content items. But if I don't - they can't use the copy-n-paste process, which is inarguably the most effective mechanism for creating content that needs to closely resemble existing content. regards, -hoss David Hostetler [email protected] _______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
