Plone › Product Developers

permission inconsistency for copy-n-paste vs. 'add new...'

1 message Options
Embed this post
Permalink
David Hostetler () permission inconsistency for copy-n-paste vs. 'add new...'
Reply Threaded More More options
Print post
Permalink
I'm frustrated by what appears to be incongruity in the permissions
required for copying and pasting objects vs. adding new objects, in a
given folder.

I'm working on a custom workflow, and thought I had a role configured
to be able to create new items in a folder (a typical
'contributor'-style role), only to discover that using the
folder_contents view to copy and paste items into the folder was _NOT_
allowed.   Turns out that the 'View management screens' permission is
required to access the manage_pasteObjects function (as proxied
through folder_paste.cpy).

But 'View management screens' is also the gateway for all kinds of
other stuff, besides just pasting items into a folder.  It seems like
an inappropriate and overly broad permission to associate with pasting
objects.

It seems to me that there is no difference whatsoever between adding a
new item via the 'add item...' menu, and adding a new item by copying
an existing item (and in fact I would expect both to adhere to the
content restrictions for the container, making them even more
functionally indistinguishable).

Furthermore, the 'paste' action itself (as configured in
portal_actions/folder_buttons) uses 'Add portal content' as the gating
permission.  That, at least, is exactly what I would expect.  'Add
portal content' is precisely the permission that I was incorporating
into my custom workflow.

'View management screens' seems like it shouldn't be involved in this
scenario at all -- and yet there it is, sprinkled all over the
CopySupport.py file.


Any insight into this?  Is it a bug?  It feels like a bug.   I can't
in good conscience just give out the 'View management screens'
permission to those users that need to be able to add content items.
But if I don't - they can't use the copy-n-paste process, which is
inarguably the most effective mechanism for creating content that
needs to closely resemble existing content.


regards,

-hoss

David Hostetler
[hidden email]

_______________________________________________
Product-Developers mailing list
[hidden email]
http://lists.plone.org/mailman/listinfo/product-developers
Free Embeddable Forum Powered by Nabble Help