Etria Lists

Tim Hicks wrote:
> Derek Richardson wrote:

[..]

>> I thought, perhaps incorrectly, that catalogs would only return
>> content the current user can see. Security is built-in?
> 
> Ah, good point.  I hadn't realised that, but looking at the 
> searchResults method in 
> <http://dev.plone.org/plone/browser/Products.CMFPlone/trunk/Products/CMFPlone/CatalogTool.py> 
> suggests that you are correct.
> 

This is correct. Mostly at least; there are rare situations where
this can be tricked by local role settings but otherwise this is
a safe assumption; there's a reason why there is a "unrestricted"
catalog search as well (which doesn't take the 'allowed_users_and_roles'
index into account).

Other than that, I personally would not like yet another configlet to
(re)map workflow states to what the blog should consider public
versus draft etc. I think it is better to honor the existing
settings. Alternatively, one could consider using a custom
(or local to the blog) workflow from the onset.

In the long run - by which I mean supporting arbitrary content
as blog posts - I think the only way to avoid confusion will be
to control general access and modification rights in the general
Plone (aka workflow) way and let the assignment of a marker interface
plus appropriate adapter (or whatever the idea is) determine what's
part of the blog.

Just my 2 cents.

Raphael