Controlling security with workflow
Work in progress
This chapter is still work in progress!
Workflow is used in Plone for three distinct, but overlapping purposes:
To keep track of metadata, chiefly an object’s state;
To create content review cycles and model other types of processes;
To manage object security.
When writing content types, we will often create custom workflows to go with them.
Plone’s workflow system is known as DCWorkflow. It is a states-and-transitions system, which means that your workflow starts in a particular state (the initial state) and then moves to other states via transitions (also called actions in CMF).
When an object enters a particular state (including the initial state), the workflow is given a chance to update permissions on the object.
A workflow manages a number of permissions – typically the “core” CMF permissions like View, Modify portal content and so on – and will set those on the object at each state change.
Note that this is event-driven, rather than a real-time security check: only by changing the state is the security information updated.
This is why you need to click Update security settings at the bottom of
portal_workflow screen in the ZMI when you change your workflows’ security settings and want to update existing objects.
Add a use case story thread that runs through each of the sections to illustrate how each concept works
Add in more screen shots of the TTW (Trough-The_web) experience of using workflows in Plone