Hi,
persho schrieb:
Hello,
the situation is a bit different:
I have a content type, let's call it CT_A. I have 3 groups of users that
both have the permission to edit and view CT_A, let's call them GROUP_AM,
GROUP_NZ and GROUP_all. Group_AM can only view and edit CT_A with TITLE's
first letter A-M and group_NZ from N-Z., group_all can view and edit all.
This must be very strict, it must not happen, that a person in group_nz
would anyhow see any CT_A item with title's first letter form a to m.
When adding a CT_A a validator should be made, to check the first letter of
a TITLE and the permission of the group, the editor is in, so if the editor
is in a wrong group, he would be informed about it. So this is not a
problem.
What about when viewing and searching CT_A? Each template should containg
tal:condition, that checks the permissions for the person viewing and the
first letter. This is not so elegant.
Does it make sense to create 2 CT's, like CT_A_am and CT_A_nz, that are
identical, so we get more permissons to add to different groups?
You can create two roles (say am and nz) and an workflow that does some
automatic transition into something_am and something_nz. The workflows
gives the edit and view permissions to either the am or the nz role. You
than assign the roles to all groups that need to have them.
Or you choose an simpler workflow that gives the necessary permissions
to the "owner" role only. Then you write an event subscriber that give
the local role "owner" to one or more groups.
That sounds a bit hackish (an hardcoded subscriber for groups that are
configured) but works. If you want to keep it flexible, you don't write
a hard coded event subscriber, but a custom configurable contentrule.
I would prefer to use two different roles cause you can give them to a
the group_all, and don't have to put many people into different groups.
..Carsten
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
