Dieter Maurer wrote: > bruno modulix wrote at 2005-9-28 10:02 +0200: > >>Dieter Maurer wrote: >>... >> >>>Sounds like a permission to role mapping flaw... >>> >>> Apparently, roles controlled by the "Portal" UserFolder (e.g. >>> "Authenticated") are allowed to do things in your CPM that >>> you only be allowed by roles controlled by their UserFolder. >>> >>>You may be able to fix this by making the roles controlled >>>by the "Portal" and the "CPM" level disjoint. >>> >>>"Authenticated" cannot be made disjoint -- but you may not use >>>it inside your CPMs. >> >>The problem here is that CPS (the portal and all CPMs are CPS instances) >>uses predefined roles, on which the various workflows relies, so that >>would mean renaming all roles - differently - on each CPM, and modifying >>the workflows too. > > > I think that is would only be necessary that the roles > are disjoint between "Portal" and "CPM". All "CPM"s can use > the same roles.
Nope. Some users may have different roles from CPM to CPM. > >>Given that the customer is going to create new CPMs >>"at will", I'm afraid this solution is somewhat unpractical... > > > Maybe, this changes when you need to touch only the "Portal" roles? > I don't want to mess with CPS predifined roles. But thanks anyway. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )