控制对未来内容的访问 [英] Control access on future content

问题描述

这主要是关于未来定时的公共内容，但不仅限于此.

this is mostly about public content timed on the future, but not only.

在标准的 Plone 站点中，如果您创建的顶级内容未显示在导航上(仍然是私有的)，那么您将其设为公开(通过工作流)并显示在导航上，但稍后您对其进行计时将来它会再次从导航中消失.

In a standard Plone site if you create a top-level content is not shown on the navigation (is still private), then you make it public (via workflow) and it shows up on the navigation, but later you time it in the future and again it disappears from the navigation.

不过，到那时，如果匿名/登录用户知道 URL，他们将能够看到内容.

Still, at that point, if an anonymous/logged-in user knows the URL they will be able to see the content.

在我们的例子中，一份报纸，我们不仅有那些(内容定时到未来)，而且我们还有不同的用户角色，他们需要或不需要看到这些内容(付费订阅者/高级用户......).

In our case, a newspaper, we not only have that (content timed to the future) but we also have different roles of users which need or don't have to see that content (paid subscribers/premium users...).

检查View权限，即

security = getSecurityManager()
if security.checkPermission('View', obj):
   # user can see the object

还不够.

检查查看权限以及内容是否在未来，即

Check for view permission and if the content is in the future, i.e.

security = getSecurityManager()
if security.checkPermission('View', obj) and 
        not object.effective_date.isFuture():
   # user can see the object

这还不够，因为有些用户确实需要看到未来的内容(即内容编辑器)，而普通用户不应该看到，而且高级用户应该看到它们，所以实际上可以这样做:

again is not enough as some users do need to see future content (i.e. content editors) while normal users should not and on top of that premium users should do see them, so something like this would actually do:

security = getSecurityManager()
if security.checkPermission('View', obj) and 
        (not object.effective_date.isFuture() or 
         security.checkPermission('Can see future content', obj):
   # user can see the object

但问题是:因为这必须在整个网站(引导页面、文章、交叉链接、导航、搜索...)中使用，所以感觉不对，而且必须重复所有内容非常乏味这会到处检查.

But the question then is: as this has to be used throughout the website (lead pages, articles, cross-linking, navigation, searches...) it doesn't feel right and is quite tedious to have to repeat all this checks all over everywhere.

有没有其他方法可以解决这个问题?

Is there any other approach on how to solve this?

推荐答案

有一个插件产品可以满足您的需求:

there is an addon product that does exactly what you need:

collective.wfeffectiverange

collective.wfeffectiverange

它的工作原理是添加一个 cron 作业，该作业查找尚未发布(未来生效日期)或已过期(已达到到期日期)的内容，并在这种情况下应用工作流转换.

it works by adding a cron job that looks for not yet published (effective date in the future) or expired (expiration date reached) content and apply a workflow transition in this case.

见https://pypi.python.org/pypi/collective.wfeffectiverange了解更多信息

这篇关于控制对未来内容的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！