Using plone.api.transition in anon browser view

Can I use

 api.content.transition(context, transition='something')

for a browser view visited by a user who is not logged in (anon)?

The reason for this is:

  1. A mail is sent to someone with a link to /somewhere/@@someview?his@email.com&something
  2. The browser view checks the url and then
  3. The browser view changes state of the content to 'has_been_visited' (confirmed)

Why shouldn't that work? Every transition is protected by a permission so adjust your workflow settings for this particular transition.

-aj

Yes you can!

Just use it with a context manager that gives the anonymous user enough power.

Something like this:

with api.env.adopt_roles(['Member', 'Authenticated', 'Manager']):
    api.content.transition(context, transition='something')

or this:

with api.env.adopt_user(username):
    api.content.transition(context, transition='something')

should work nicely.

2 Likes

This is a workaround for a misconfigured workflow.

-aj

2 Likes

Perfect...

Great that it works, but pay attention to @zopyx's words.
You may want to adjust your wf definition to obtain the same result without privilege escalation.

Yeah, you should be able to set the transition's guard roles to be Anonymous, i.e. non-logged-in users can use the transition.
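Whichever route the thread suggests is taken (adopted roles or an Anonymous guard), the view is reachable by anyone, so the URL check in step 2 is the only gate. The following is an added example, not code from the thread or from plone.api: it signs the link with an HMAC and performs the transition only after the token verifies. The names `make_token`, `verify_token`, `confirm_visit` and `plone_transition`, the key, and the choice of `Manager` as the adopted role are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample key; a real deployment loads it from configuration.
SECRET = b"constructed-demo-key"


def make_token(secret, uid, email):
    """HMAC-SHA256 over the content UID and the recipient, hex encoded."""
    msg = b"\x00".join([uid.encode(), email.lower().encode()])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_token(secret, uid, email, token):
    """Constant-time check that the link was issued for this uid/email pair."""
    if not isinstance(token, str) or not token:
        return False
    expected = make_token(secret, uid, email).encode()
    # Compare as bytes so a non-ASCII token is rejected instead of raising.
    return hmac.compare_digest(expected, token.encode("utf-8", "replace"))


def plone_transition(obj, transition="something", roles=("Manager",)):
    """The escalation from the thread, reached only after verification.

    Assumption: narrow `roles` to whatever the transition guard requires.
    """
    from plone import api  # lazy import: the token logic runs without Plone
    with api.env.adopt_roles(list(roles)):
        api.content.transition(obj, transition=transition)


def confirm_visit(obj, uid, email, token, secret=SECRET,
                  do_transition=plone_transition):
    """Body of a hypothetical @@someview: verify first, escalate second."""
    if not verify_token(secret, uid, email, token):
        return False  # the view would answer with an error and change nothing
    do_transition(obj)
    return True
```

The mail would carry `make_token(SECRET, uid, email)` as the extra query parameter, so a guessed or altered e-mail address in the URL no longer triggers the transition.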