Workflow lets us grant view or edit permission on an entire Dexterity content item, per state, but I’m wondering how to grant a user edit permission on only a subset of fields.
Barring that possibility, I’m ok granting a user edit permission on a content item if I can display the edit widgets for only that subset of fields.
Is there a way to customize the default Dexterity edit form to do that, or must I invoke Cthulhu and try to build an unspeakable monstrosity using (totally guessing) plone.autoform or z3c.form?
We are doing this TTW using this PR (which hopefully @smcmahon can review soon??)
essentially gives us the ability to fiddle with the widgets and the schema before the form is rendered.
In filesystem python you'd probably do something similar or if you can use permissions then use this https://docs.plone.org/external/plone.app.dexterity/docs/advanced/permissions.html#protecting-form-fields
You can grant permissions per field on the supermodel like
field name="kennung" type="zope.schema.TextLine" security:write-permission="cmf.ManagePortal">
Thanks @djay @zopyx - I knew that a while ago but had forgotten!
...so then, instead of setting write_permission for a field X using standard permissions like 'Modify portal content' I'd use something like 'Modify field X', then, in each workflow state, I'd grant that permission to custom roles, e.g. 'Management_Financial'?
I am not sure about
write-permission accepting only a registered permission or also its textual representation.