Actor

WorkflowDesigner

Documentation

In a business process, the workflow state of an object usually affects who is allowed to perform non-workflow actions on the object. For example, in the CMF default workflow, the owner of a piece of content is allowed to edit it when it is in the private state, but not when it is in the published state. Anonymous users are allowed to see a piece of content only if it is in the published state.

CMF accomplishes this by updating the role to permission mappings for objects based on their workflow state. To do this in your own workflow, first determine which permissions should be managed by your workflow by selecting them using the workflow "Permissions" tab.

Then visit the "Permissions" tab of each state and select which roles should have which permissions. This screen is very similar to the familiar "security" tab. Remember to turn off the "acquire permission" checkbox as necessary.

The role to permission mappings are stored on the objects themselves because that is where they Zope has always stored them. Unfortunately this means that when you change the role to permission mappings in the workflow you need to make sure the changes are applied to the content objects throughout the system. But there is an easy workaround: the default portal_workflow tool has a button you can click to update the role to permission mappings in all content objects.