Etria Lists

Misfire...

---------- Forwarded message ----------
From: Derek Richardson <plone at derekrichardson.net>
Date: Jan 7, 2008 2:57 PM
Subject: Re: [quills-dev] [Quills Issue Tracker] New issue: #127 -
does not play nicely with Intranet/Extranet Workflow
To: Tim Hicks <tim at sitefusion.co.uk>


On Jan 7, 2008 2:47 PM, Tim Hicks <tim at sitefusion.co.uk> wrote:
> Derek Richardson wrote:
>
> > Why code Quills to workflow states? Why not just have Quills obey the
> > visibility attributes on the underlying content items according to
> > standard permissions? Thus viewing a blog post, like viewing content
> > in other ways, could be managed by workflows written by admins.
>
> Yeah, this sounds like a nicer solution than what we have currently.
>
> > This opens up having blogs that display user-specific entries based on
> > security. That sounds nice, to me.
>
> I agree that this sounds nice.  However, we probably need to put some
> thought into how this would work as it would subtly change the APIs and
> potentially make some of the views a little confusing - "why can't my
> reader see what I can see?".

I see the option as fliexibility. Admins can set up the workflows so
that this confusion will never occur. Or, if they have power users,
they can give them the additional flexibility and see what happens.

> As things stand, IWeblog.getEntries should return all entries that are
> viewable by anonymous.  As a first step to resolve the issue report
> (#127) that started this thread, it probably makes sense to adjust the
> relevant catalog queries so that they search for content that is
> anonymously viewable.  Off the top of my head, I can't think how to do
> that.  Any ideas?
>
> Once we've got this issue sorted, then perhaps we could conceive of a
> changed/additional API that returns weblog entries based on the
> permissions of the caller/user.  I have no particular need for this
> myself (and so no need to scatch that itch), but if others do, then it
> sounds reasonable.

I thought, perhaps incorrectly, that catalogs would only return
content the current user can see. Security is built-in? So, if you
simply query for content that fits the other criteria, it will
automagically give you the content appropriate for the user.

> > BTW, this problem is why blogs are borken on my site, but, since all
> > my workflows are custom, none of the variations on 'hardcode a
> > workflow name' will work for me.
>
> Before your message arrived, I was thinking of adding a (ttw) config
> option for a list of workflow states that should be deemed as
> 'published'.  If we can't craft a catalog query as described above,
> perhaps this would help you and the original poster?

As long as it is states, and not a single state, that is fine by me.
;) I misread it as singular before.

Thanks,

Derek