[Community] Security: Layer Visibility and Workflow
Ludwig M Brinckmann
ludwigbrinckmann at hotmail.com
Wed Apr 26 15:15:10 EEST 2006
I am just in the process of putting the final touches to my plone site
before making it public and so I am tightening up security and workflow
(much too late, some might say)...
I have an issue with the visibility of Primagis layers. With the standard
plone workflow if I publish a layer, I automatically also allow an anonymous
user to see the layer definition, which I do not want.
(Anon users still cannot change anything, so it does not really compromise
my site, but I do not like them to see things they should not)
E.g. I have a layer 'counties'. If I make it visible to the anonymous user I
also allow him to open
I tested some other sites for this (apologies), such as
exhibits the same behaviour, so obviously the normal workflow maybe exposes
more than it should.
One way to make the primagis layer inaccessible would be to give it a
cryptic name ('security' by hiding it in a haystack), obviously a hack,
which I do not like.
I guess the right way is through workflows and I have added a
primagis_workflow, which allows anonymous users to 'view' something, but not
to 'access contents information' (in plone speak). This primagis_workflow
now controls the primagis layers.
I am not too familiar with plone workflows and their implications, so: is
this the right way forward?
The demo hosted at primagis.fi does not seem to exhibit problem, so I
wondered how you did it.
More information about the Community