Discussion:
[Erp5-dev] Proxy role not working for workflow transitions?
Jacek Medrzycki
2007-03-10 14:16:55 UTC
Permalink
hi

I have a transition - reject_action, which requires Manager role to launch.

I have another transition - employ_action (available to Assignor) -
which triggers employ transition, which in turn triggers script (after).
This script does something and at the end launches reject_action on some
other objects. This script has proxy role of Manager.
However, when the user with role of Assignor tries to launch
employ_action, the script fails to launch reject_action on related
object. Of course, this action is available on the object and Manager
can launch it "by hand".

When I change the role on reject_action from Manager to Assignor, the
scripts works well. It looks like the proxy role does not apply to
workflow transition attempt.

Should it work like that?

Jacek
Jean-Paul Smets
2007-03-12 07:19:35 UTC
Permalink
Probably the famous feature of DCWorkflow. if you access the object as
sci.object you will get security issues. If you access this object as
sci['object'], everything should go fine.
JPS.
Post by Jacek Medrzycki
hi
I have a transition - reject_action, which requires Manager role to launch.
I have another transition - employ_action (available to Assignor) -
which triggers employ transition, which in turn triggers script (after).
This script does something and at the end launches reject_action on some
other objects. This script has proxy role of Manager.
However, when the user with role of Assignor tries to launch
employ_action, the script fails to launch reject_action on related
object. Of course, this action is available on the object and Manager
can launch it "by hand".
When I change the role on reject_action from Manager to Assignor, the
scripts works well. It looks like the proxy role does not apply to
workflow transition attempt.
Should it work like that?
Jacek
_______________________________________________
Erp5-dev mailing list
Erp5-dev at erp5.org
http://erp5.org/mailman/listinfo/erp5-dev
--
Jean-Paul Smets-Solanes, Nexedi CEO - Tel. +33(0)6 62 05 76 14
Nexedi: Consulting and Development of Libre / Open Source Software
http://www.nexedi.com
ERP5: Libre/ Open Source ERP Software for small and medium companies
http://www.erp5.org
Rentalinux: Desktop Linux Server
http://www.rentalinux.com
Jacek Medrzycki
2007-03-12 16:02:39 UTC
Permalink
Post by Jean-Paul Smets
Probably the famous feature of DCWorkflow. if you access the object as
sci.object you will get security issues. If you access this object as
sci['object'], everything should go fine.
JPS.
Well, I access it as sci['object'] and it is not working :(

J.
Alexandre Boeglin
2007-03-12 16:09:48 UTC
Permalink
Post by Jacek Medrzycki
When I change the role on reject_action from Manager to Assignor, the
scripts works well. It looks like the proxy role does not apply to
workflow transition attempt.
That's exactly the issue: proxy roles in zope (at least in 2.7, I
haven't checked in other releases) is a bit of a hack. If it is not
handled explicitely, it is just not handled at all. a simple grep for
_proxy_roles in the Products can tell you this.


Regards,
Alex
Jérôme Perrin
2007-03-13 07:41:59 UTC
Permalink
Post by Alexandre Boeglin
Post by Jacek Medrzycki
When I change the role on reject_action from Manager to Assignor, the
scripts works well. It looks like the proxy role does not apply to
workflow transition attempt.
That's exactly the issue: proxy roles in zope (at least in 2.7, I
haven't checked in other releases) is a bit of a hack. If it is not
handled explicitely, it is just not handled at all. a simple grep for
_proxy_roles in the Products can tell you this.
The issue is also that each time we get an unauthorized error, we think proxy
role ;) here it's different, you should call the workflow method. Workflow
methods define the logic of the workflow, *_action transitions are for user
interaction.

J?rome

Loading...