I'm looking to make content generated within a shared folder, visible only to its creator and siteadministrator. My general idea was that the content, if state was set to private, would only be visible to its creator. A custom template only renders the items created by the user viewing the folder - allthough it is currently possible to navigate to the content through the url. Example:
If my-content was created by user1 it can still be accessed by user2 if they simply navigate to the url. I probably missunderstand how the correlation between ownership and viewpermission works, but I have not been able to find any documentation explaining this (granted I may be searching in the wrong place).
My question is;
Is this functionallity achiveable?
And if so, what documentation would cover the steps involved?
This primary permission based protection affects your view. If your view is implemented in Python rather than by a template, then there are no automatic permission checks related to the viewed object. In a template, permission checks are active - but most attributes of a content object are protected by the so called object permission (which usually is Access contents information and this is typically granted to Anonymous). Only if the template accesses an attribute protected by the `View' permission, a user without this permission will not be able to view the object.
If a content object is viewed via a view based on main_template, then viewlets are active. This allows you to add a viewlet that checks access based on the View permission of the viewed content object (this can also be used to check other things, e.g. that the content view falls into the publishing period of the object). Views not based on main_template usually directly require the View (or stricter) permission.
That you have protected your view with the permission zope2.View should be sufficient to prevent users to use it without the View permission. The View permission would first be checked on the view itself (and there is should not be immediately available) and then the checks would ascend the acquisition/__parent__ chain until either the View is granted or further inheritance is disabled. Usually, these checks would stop at the content object.
Are you sure that your content objects do not grant the View permission to unprivileged users or inherit it? Formerly, the ZMI had a tab Security to verify (and manage) things like this. This was hidden in more recent versions (because it is easy to get astonishing results by changing the permission to role mapping manually). However, you can still access its functionality by appending /manage_access to the content object url.
That was my thought process when implementing it in this way (according to how I have interpreted the documentation) - but you may definently but onto something in regards to this:
I will definently look into the /manage_access functionality - I had no idea that it could be accessed this way (still new to Plone ). Thank you for your response again Dieter!
EDIT: The generated content was indeed inheriting the permission from its parent - as found when accessing the @@sharing tab on that content item. I then handled this setting using my_content.__ac_local_roles_block__ = True upcon creation of new content - as presented in this post on stackoverflow.
Thanks again for your help, both Dieter and Andreas.