This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

Attention!

This version works only on Plone 4 (Products.CMFCore 2.2, Products.DCWorkflow 2.2). If you want to use this package on Plone 3.3, please use the 1.0b1 version.

Introduction

This product provides an alternative type of workflow definition. It works much like a regular workflow, but instead of granting permissions when entering a particular state, it takes them away from the selected roles.

The original use case was to support “confidential” content items via a secondary workflow. The primary chain on the type has a publishing workflow that will grant the View permission to various roles in various states. The secondary ‘confidentiality workflow’ has two states: ‘normal’ and ‘confidential’. In the ‘normal’ state, no roles are selected for the View permission, and so the role mappings from the primary workflow apply. However, in the ‘confidential’ state, Anonymous, Authenticated and Member have been selected for the View permission and so these roles no longer have the ability to view the item.

Note that the ‘acquire’ flag should almost always be off. The subtractive workflow will set the acquire property in the same way as the default workflow definition, but the results will probably not be what you expect, since permissions that were “turned off” may well be acquired.

Also note that group-to-local role mappings are not “subtractive” and work exactly as in the standard workflow definition. In general, local roles are always inherited in Zope (although Plone has an extension to turn this off).

The effects of multiple workflows

This product depends on an interpretation of the DCWorkflow permissions system as follows:

  • If there are multiple workflows in a chain, the item’s state is determined by all the workflows, not just the last one.
  • In particular, the permission settings in all workflows in the chain apply at all times. Later workflows can override earlier ones.

To support this, an event handler is installed that will, when a transition occurs, “re-play” the updateRoleMappings() call for all workflows in the chain (there is an optimisation to avoid duplicate work if there’s only one workflow in the chain). It will do nothing if there are no subtractive workflows in the chain, but as soon as there is one, you will get this behaviour.

Thus, if you have a subtractive workflow as the second workflow in a two-workflow chain, and you invoke a transition from either the first or the second workflow, the permissions from both will apply, with the subtractive workflow allowed to override the normal workflow.

Note that this may affect existing multi-workflow chains, because by default, DCWorkflow does not “re-play” the role mappings in this way, letting instead the most recently entered state determine the role mappings and fully overriding roles from the current state of any other workflows in the chain.

Changelog

2.0b1 (2010-09-11)

  • The fact of setting dummy to the container generate an AddedObjectEvent, Products.CMFCore.CMFCatalogAware.handleContentishEvent catch the event and call wftool.notifyCreated(dummy). Products.CMFCore 2.2, in Products.CMFCore.WorkflowTool.notifyCreated, added a check, wf.notifyCreated is not called if it was previously called (workflow_history not empty). So in the tests, wftool.notifyCreated(dummy) does nothing after the dummy object has been set to the container. All the tests have been adapted and fixed. [vincentfretin]
  • Removed the explicit check “event.transition is None, then return” in react.object_transitioned subscriber. We want the roles mapping to be updated if the confidential state is the initial state. [vincentfretin]
  • Fixed workflow GenericSetup import, the _initDCWorkflow signature changed in Products.DCWorkflow 2.2 used by Plone 4. This version will not work anymore with Products.DCWorkflow 2.1 used by Plone 3. [vincentfretin]

1.0b1 - 2009-04-03

  • Initial release
Release History

Release History

2.0b1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0b1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
collective.subtractiveworkflow-2.0b1.zip (30.6 kB) Copy SHA256 Checksum SHA256 Source Sep 11, 2010

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting