espenmn
(Espen)
May 3, 2017, 1:07pm
1
can I use
api.content.transition(context, transition='something')
For a browser view visited by a user not logged in (anon)
The reason for this is
A mail is sent to someone with a link to /somewhere/@@someview ?his@email.com&something
The browser view checks the url and then
The browser view changes state of the content to 'has_been_visited' (confirmed)
zopyx
(Andreas Jung)
May 3, 2017, 1:34pm
2
Why shouldn't that work? Every transition is protected by a permission so adjust your workflow settings for this particular transition.
-aj
alert
(Alessandro Pisa)
May 3, 2017, 1:48pm
3
Yes you can!
Just use it with a context manager that gives the anonymous user enough power.
Something like this:
with api.env.adopt_roles(['Member', 'Authenticated', 'Manager']):
api.content.transition(context, transition='something')
or this:
with api.env.adopt_user(username):
api.content.transition(context, transition='something')
should work nicely.
2 Likes
zopyx
(Andreas Jung)
May 3, 2017, 2:01pm
4
This is a workaround for a misconfigured workflow.
-aj
2 Likes
alert
(Alessandro Pisa)
May 4, 2017, 6:53am
6
Great that it works, but pay attention to @zopyx words.
You may want to adjust your wf definition to obtain the same result without privilege escalation.
Yeah you should be able to set the transition's guard roles to be Anonymous, ie. non-logged in users can use the transition.