Usage of Roles
This How-to applies to:
Plone 2.5.x, Plone 2.1.x
This How-to is intended for:
Site Administrators
Global Roles
(could be created via acl_users):
- Member
- has his/her own space under Members/membername where he/she can create/modify/submit his/her own documents. Members can't create new keywords - they are forced to use existing ones. In addition, a Manager can promote a Member to Owner or Reviewer for specified folders (or the whole site).
- Manager
- a.k.a. "God"; can do anything: add/modify users, add keywords, publish/revoke/modify content. Assigns local roles to users (promotes them to specific levels). The Manager is also the one responsible for, and able to, change page templates. Nobody else has this ability.
Local roles
(never try to create them in acl_users):
MANAGER'S NOTE: don't create users with local roles in acl_users--things can go crazy. Assign roles for folders using the local_role mechanism:
- Owner
- This role is defined on a per-folder basis (acquisition works here just fine - make somebody the owner of plone/a and he'll automatically own plone/a/b unless you manually specify plone/a/b to be owned by somebody else). An owner can also create a co-owner via local_roles and remove a reviewer (but can't assign one). This means: one folder can have more than one owner, and they will all have the same rights in that folder. Owners can't assign roles beyond "Authenticated" and "Owner".
- Reviewer
- This role is defined on a per-folder basis (acquisition works here just fine - make somebody reviewer of plone/a and he automatically becomes a reviewer for plone/a/b unless you manually specify plone/a/b to be reviewed by somebody else). A reviewer can edit/publish content/metadata but cannot _create_ new content or change local roles.
Workflow
From everything mentioned above, the current workflow for publishing looks like this:
Member (Owner) --(submit)--> Reviewer --(publish)--> everybody
Other options like retract, reject, visible and private are still available.
Small explanation:
A Reviewer can reject content from being published - it becomes visible (not visible in listings and related contents but accessible via direct URL or from the search engine).
An Owner can retract content he has submitted, making it visible (see above) again, in order to make corrections to the content/metadata.
An Owner can make content private, disabling everybody from accessing this content and removing it from the search engine.
By default content is created with "visible" state.
Member roles are not mutually exclusive? There is no reason a Member can't have both the Member role and the Reviewer role.
A good source for what an Owner, Member or Reviewer can do in a stock Plone installation is Plone itself, in 'portal_workflow/plone_workflow/states' and 'portal_workflow/plone_workflow/transitions'.
This also answers 'is there any reason for a Member to have both the member role and the reviewer role?' A 'Member' can create content but not publish it, only submit it for review. A 'Reviewer' can then publish the content, but cannot create new content.
If a Member wants to publish his own content in his personal folder, the Manager has to assign this Member also a local role as Reviewer in his own personal folder. Or (perhaps) change the workflow (not tried yet).
Allowing anyone to publish by altering workflow
1. Go to /portal_workflow/plone_workflow/transitions/publish in the ZMI.
2. In the Guard section, in Permissions, change the entry from "Review portal content" to "Modify portal content".
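Before making this change, it helps to list who gains the ability to publish. The following is an added example, not Plone code and not part of the original how-to: a simplified model that computes which users can fire the publish transition only after the guard is switched. The role-to-permission table, the sample users and the folder paths are assumptions constructed for illustration, and inherited local roles are assumed to combine along the path.

```python
# Simplified model, not Plone code. Role names and the two permissions come
# from the how-to; the role-to-permission table is an assumption drawn from
# its role descriptions (real Plone workflows can vary it per state).
ROLE_PERMISSIONS = {
    "Manager": {"Modify portal content", "Review portal content"},
    "Reviewer": {"Modify portal content", "Review portal content"},
    "Owner": {"Modify portal content"},
    "Member": set(),
}

# Constructed sample site: global roles per user, local roles per folder path.
GLOBAL_ROLES = {"admin": {"Manager"}, "alice": {"Member"},
                "bob": {"Member"}, "carol": {"Member"}}
LOCAL_ROLES = {
    "plone/Members/alice": {"alice": {"Owner"}},
    "plone/a": {"bob": {"Owner"}, "carol": {"Reviewer"}},
}


def roles_in_context(user, path):
    """Global roles plus local roles acquired from the folder and its parents."""
    roles = set(GLOBAL_ROLES.get(user, ()))
    parts = path.split("/")
    for depth in range(1, len(parts) + 1):
        ancestor = "/".join(parts[:depth])
        roles |= LOCAL_ROLES.get(ancestor, {}).get(user, set())
    return roles


def can_publish(user, path, guard_permission):
    """True if any of the user's roles at `path` holds the guard permission."""
    return any(guard_permission in ROLE_PERMISSIONS.get(role, set())
               for role in roles_in_context(user, path))


def newly_allowed(paths, old_guard="Review portal content",
                  new_guard="Modify portal content"):
    """(user, path) pairs that can publish only after the guard is changed."""
    return sorted((user, path) for path in paths for user in GLOBAL_ROLES
                  if can_publish(user, path, new_guard)
                  and not can_publish(user, path, old_guard))


if __name__ == "__main__":
    for user, path in newly_allowed(["plone/Members/alice", "plone/a/b"]):
        print("%s can now publish in %s without review" % (user, path))
```

In this sample, the Owners alice and bob gain publish rights in their folders, while carol (Reviewer) and admin (Manager) could already publish.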