Working Copy Permissions and Workflow (Iterate)
We are trying to implement a custom validation policy for the Plone Document control system. In this case, we would like to be able to have working copies of published documents after a certain period of time.
Iterate seems to be perfect for this.
However, we only need the extract to be available for published documents. So here's the reasoning .... Since the workflow controls multiple permissions, we added both "iteration: content validation" and "iteration: content validation" to the Permissions tab in the portal_workflow tool. We then checked the boxes on the permissions tabs for individual workflow states for those people who have checkout rights. However, in the front-end, everyone has the ability to check documents regardless of the state the document is in.
What are we missing?
PS: We already checked the document for "Configuring Work Copy Workflow" and in our opinion this is due to a change in the workflow to check documents that are not intended here ...
source to share
The problem here I think is the checkout_allowed method in plone.app.iterate / browser / control: Control.
It doesn't check for any permissions before allowing the user to checkout (it assumes if the user can view it, they should be allowed to check it in the home folder, etc. - I guess that's a reasonable use case).
Then, in portal_actions / object_buttons / iterate_checkout, it just uses the View permission to allow placement of that button.
So, to be completely correct for this, you will need to customize the checkout_allowed method and the permission used in the action.
To do this quickly and easily, so that the user just doesn't see the button, change the button's resolution to "iterate: upload content".
source to share