I would like to create a website section (folder) where users (“Members“) can add, edit and delete their own content, but not edit or delete the folder itself or the content created by other users.
I tried to achieve this by creating a custom single-state workflow, where “Owner” has the “Delete objects” permission. However, in this setup, the users can’t delete their own content in folders created by other users.
An obvious workaround would be to grant them the “Contributor” and “Editor” roles through the sharing tab, but that would also allow editing the top-level folder and the other users content, which I want to avoid. I am probably missing something simple here, but I can’t figure out how to set up the permissions correctly for these case.
It looks like collective.deletepermission was designed exactly to address this case, but it hasn’t been maintained for a few years and I could not immediately install it on the latest Plone 6.
I’ll take a look at the add-on. I forgot how necessary it still is for Plone 6.
On my current installations, I more or less just replaced the “Delete Objects” check on the container with an “Add portal content“ check. You have to patch it, though. The result is basically the same as in the add-on. It’s just more explicit to have a dedicated permission for that purpose.
That would be awesome if you could upgrade the add-on, @maethu! To me, this setup seems like something that’s often needed and should be easy to implement - but it turns out to be quite tricky in practice.
