The state of Owner role in Plone

I remember some versions of Plone/Zope had the ability to change the Owner of content. It's still available for security and workflows but I don't see a good UI for admins to take over ownership of content. I know I can change it programmatically with Zope APIs. So is its use discouraged? Should you just never assign permissions to Owner?

Here's a use case: A workflow gives a permission (say, Modify portal content) to ["Owner", "SiteAdministrator"] so that people can edit their own content in this state, but not other users who only have the Editor role. A person who has created content then has their role in the org changed. The Site Admin wants them to still have a user account but not be able to edit content, including content they already created. I would think they'd want to remove any Editor/etc roles and then also take ownership of their content, but there's no UI for that.

Eric via Plone Community wrote at 2024-2-26 22:40 +0000:

> I remember some versions of Plone/Zope had the ability to change the Owner of content. It's still available for security and workflows but I don't see a good UI for admins to take over ownership of content. I know I can change it programmatically with Zope APIs. So is its use discouraged? Should you just never assign permissions to Owner?

You must distinguish the role "Owner" from the so called
"executable ownership".

The "Owner" role is typically used as a local role and identifies
the user who has created the object. It is managed in the
way typical for local roles. It may be relevant for all types of content.
Plone manages local roles via the "Sharing" functionality.

The "executable ownership" is important only for
executable content (such as templates or scripts), managed via the Web.
When the executable content is executed, the effective
permissions are limited to those of the executable owner
(in addition to those of the current user).
This should prevent that someone with few privileges creates
malicious executable content which does bad things when executed
by someone with high privileges.
Management of the "executable ownership" is via "take over ownership".

> Here's a use case: A workflow gives a permission (say, Modify portal content) to ["Owner", "SiteAdministrator"] so that people can edit their own content in this state, but not other users who only have the Editor role. A person who has created content then has their role in the org changed. The Site Admin wants them to still have a user account but not be able to edit content, including content they already created. I would think they'd want to remove any Editor/etc roles and then also take ownership of their content, but there's no UI for that.

You could look at the "Sharing" tab whether it allows to manage
the "Owner" local role.
Otherwise, you can use the "manage_access" ZMI functionality;
the corresponding page has an area destined for the management of
local roles.
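
The local-role half of the distinction above, as an added example (not part of the original thread and not Plone's own code): moving the "Owner" local role from one user to another through Zope's RoleManager local-role methods. `transfer_owner_role`, `FakeContent`, `demo` and the user ids are hypothetical; `FakeContent` is a constructed stand-in so the block runs without a Zope instance.

```python
# On a real site `obj` is a content object; the local-role methods come from
# AccessControl's RoleManager and reindexObjectSecurity from CMFCatalogAware.

def transfer_owner_role(obj, old_userid, new_userid):
    """Move the Owner local role on one object; return True if it changed."""
    # Only the local role used in workflow permission maps is touched.
    # Executable ownership (changeOwnership) is a separate setting.
    old_roles = list(obj.get_local_roles_for_userid(old_userid))
    if "Owner" not in old_roles:
        return False
    kept = [r for r in old_roles if r != "Owner"]
    if kept:
        obj.manage_setLocalRoles(old_userid, kept)   # replaces the role list
    else:
        obj.manage_delLocalRoles([old_userid])       # setLocalRoles rejects []
    obj.manage_addLocalRoles(new_userid, ["Owner"])  # merges with existing roles
    obj.reindexObjectSecurity()                      # refresh catalog security
    return True


class FakeContent:
    """Constructed stand-in mimicking the RoleManager local-role methods."""
    def __init__(self, local_roles):
        self.local_roles = {u: list(r) for u, r in local_roles.items()}
    def get_local_roles_for_userid(self, userid):
        return tuple(self.local_roles.get(userid, ()))
    def manage_setLocalRoles(self, userid, roles):
        if not roles:
            raise ValueError("One or more roles must be given!")
        self.local_roles[userid] = list(roles)
    def manage_addLocalRoles(self, userid, roles):
        current = self.local_roles.setdefault(userid, [])
        current.extend(r for r in roles if r not in current)
    def manage_delLocalRoles(self, userids):
        for userid in userids:
            self.local_roles.pop(userid, None)
    def reindexObjectSecurity(self):
        pass


def demo():
    # Constructed sample: alice created two pages and is also Reviewer on one.
    pages = [FakeContent({"alice": ["Owner"]}),
             FakeContent({"alice": ["Owner", "Reviewer"], "bob": ["Editor"]}),
             FakeContent({"bob": ["Owner"]})]
    changed = [transfer_owner_role(p, "alice", "siteadmin") for p in pages]
    return changed, [p.local_roles for p in pages]
```
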

Yes, I saw this in another issue. I am concerned only about the first one, the Owner role.

I am not completely following you on this. The @@sharing page allows assignment of roles that implement plone.app.workflow.interfaces.ISharingPageRole which is Reader, Viewer, Editor, Contributor. Owner is not included.

I do see that I can set or remove local roles in the ZMI at manage_listLocalRoles, via manage_access, thanks! I missed that. But I still don't see any way to do this in the Plone interface. That's why I ask, is this intentionally discouraged?

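As an experiment I tried registering Owner as an ISharingPageRole:

# localroles.py
from plone.app.workflow.interfaces import ISharingPageRole
from zope.interface import implementer


@implementer(ISharingPageRole)
class OwnerRole(object):
    # Makes "Owner" appear as an assignable role on the @@sharing page
    order = 0

    title = 'Owner'
    description = 'Ownership'
    required_permission = 'Change local roles'

<!-- ZCML registration -->
<utility name="Owner"
         factory=".localroles.OwnerRole"/>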

This seems like it might work to make it assignable, but I need to test more.

Again, please do not interpret my question as, "why didn't those silly Plone developers put something in here to do this?" My question is, did the Plone developers intentionally leave out the ability to change Owner role, and if so, why? Because I don't want to implement my own customization only to find out I've introduced some big problem that the core devs knew about and discarded long ago!

You are right that it makes sense to be able to have the owner role in the UI. You can have a scenario where a page is made private again and only the owner and the admin can edit it and as you say, you may not want that user to be able to edit it anymore.

I don't see why making it a visible role on sharing won't work. The other way we've made this changeable before is via content rules. For example a two stage workflow where the first user enters the name of a reviewer in a scheme field and then the content rule will set that user as the new owner. Or you could just set a group as the owner on publishing.

Hi, I've used plone.app.changeownership 1.0 in Plone 5 and Plone 6. Might do what you want.

This looks really promising. I was going to propose making Owner a local role in Plone core, but I think this is probably better.