New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACL is not fine grained enough for many usecases #742
Comments
We already have solutions to address those cases:
I don't think we should create something similar to Plone workflow, because:
|
I'm not suggesting anything to do with workflow. or about Plomino_Readers. I'm saying that it is unnecessary and confusing and creates more work to make your ACLs not independent. If an Author wasn't automatically a Reader then its trivial to setup things such that one group can view the data, and another can add to it (without reading). Not special coding required. And if you want the current setup then you just give those users BOTH Author and Reader. It is an enhancement that makes many use cases much simpler with no downside (except backwards incompatibility). |
For example here is another scenario thats currently hard to solve. All Authors can see the list of all views. Even if I can use Plomino_readers to hide the documents from an Author (and the views themselves will appear empty), I can't hide the list of Views itself. |
User problem
Scenarios like #568 aren't well supported. Others include
Options
independent roles
Similar to Plone, plomino 2 should be switched to independent roles. ie, author is not automatically a reader, editor is not automatically an author, designer is not automatically an editor etc.
Roles can always be used in combination so not ability is lost.
An upgrade step might have to be used to fix older databases.
The text was updated successfully, but these errors were encountered: