bruno modulix wrote at 2005-9-28 10:02 +0200:
>Dieter Maurer wrote:
> ...
>> Sounds like a permission to role mapping flaw...
>>
>> Apparently, roles controlled by the "Portal" UserFolder (e.g.
>> "Authenticated") are allowed to do things in your CPM that
>> should only be allowed by roles controlled by their UserFolder.
>>
>> You may be able to fix this by making the roles controlled
>> by the "Portal" and the "CPM" level disjoint.
>>
>> "Authenticated" cannot be made disjoint -- but you may not use
>> it inside your CPMs.
>
>The problem here is that CPS (the portal and all CPMs are CPS instances)
>uses predefined roles, on which the various workflows rely, so that
>would mean renaming all roles - differently - on each CPM, and modifying
>the workflows too.

I think that it would only be necessary that the roles are disjoint
between "Portal" and "CPM". All "CPM"s can use the same roles.

>Given that the customer is going to create new CPMs
>"at will", I'm afraid this solution is somewhat unpractical...

Maybe this changes when you need to touch only the "Portal" roles?

--
Dieter