This is mostly about public content timed in the future, but not only.
In a standard Plone site, if you create a top-level content item, it is not shown in the navigation (it is still private); then you make it public (via workflow) and it shows up in the navigation, but later you time it in the future and again it disappears from the navigation.
Still, at that point, if an anonymous/logged-in user knows the URL, they will be able to see the content.
In our case, a newspaper, we not only have that (content timed to the future) but we also have different roles of users which need or don't have to see that content (paid subscribers/premium users...).
Checking for View permission, i.e.

    from AccessControl import getSecurityManager
    security = getSecurityManager()
    if security.checkPermission('View', obj):
        pass  # user can see the object

is not enough.
Checking for View permission and whether the content is in the future, i.e.

    from AccessControl import getSecurityManager
    security = getSecurityManager()
    if security.checkPermission('View', obj) and \
            not obj.effective_date.isFuture():
        pass  # user can see the object

again is not enough, as some users do need to see future content (i.e. content editors) while normal users should not, and on top of that premium users should see it, so something like this would actually do:

    from AccessControl import getSecurityManager
    security = getSecurityManager()
    if security.checkPermission('View', obj) and \
            (not obj.effective_date.isFuture() or
             security.checkPermission('Can see future content', obj)):
        pass  # user can see the object

But the question then is: as this has to be used throughout the website (lead pages, articles, cross-linking, navigation, searches...), it doesn't feel right, and it is quite tedious to have to repeat all these checks everywhere.
Is there any other approach on how to solve this?
1.) Create a content type per privilege level you want to have ('premium', 'paid subscriber') and assign a dedicated workflow to each, holding at least the states 'editors-review' and 'premium-published', respectively 'editors-review' and 'paidsub-published', and wire the states to equivalent roles ('editors', 'premiumusers', 'paidsubscribers'), to grant the View permissions, as intended. Additionally, it is recommended to create a group for each role, wire them together, and assign the users to the groups instead of to roles.
2.) Use collective.contentrules.comingsoon to apply a content rule which sets the state from 'editors-review' to 'premium-published', respectively 'editors-review', when the publishing date is met (executed via a browser view, triggered by a cron job).
3.) To overcome Plone's default setting that items with a publish date set in the future won't appear in navigation elements, you need to customize/override the relevant templates. That'll include globalnav, navportlet, sitemap, folder_listing, etc.
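
A plain-Python model of steps 1 and 2 above, added here as an illustration (it is not part of the original answer and uses no Plone API): once the publishing date drives a workflow transition, one state-based View check covers listings, searches and direct URL access alike. The state and role names come from the answer; `Item`, `can_view`, `promote_due` and `visible_titles` are hypothetical names, and letting editors keep View after publication is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime

# Model only: which roles hold View in each workflow state.
# Assumption: editors keep View once an item is published.
STATE_VIEW_ROLES = {
    "editors-review": {"editors"},
    "premium-published": {"editors", "premiumusers"},
    "paidsub-published": {"editors", "paidsubscribers"},
}

@dataclass
class Item:
    title: str
    target_state: str        # state entered when the publishing date is met
    publish_at: datetime
    state: str = "editors-review"

def can_view(user_roles, item):
    """Single check used by every listing, search and direct URL hit.
    Unknown states grant nothing (deny by default)."""
    allowed = STATE_VIEW_ROLES.get(item.state, frozenset())
    return bool(allowed & set(user_roles))

def promote_due(items, now):
    """What the cron-triggered content rule does: fire the transition
    for every item still in review whose publishing date has passed."""
    promoted = []
    for item in items:
        if item.state == "editors-review" and item.publish_at <= now:
            item.state = item.target_state
            promoted.append(item.title)
    return promoted

def visible_titles(user_roles, items):
    return [i.title for i in items if can_view(user_roles, i)]

def sample_items():
    # Constructed sample data.
    return [
        Item("Premium scoop", "premium-published", datetime(2024, 5, 1, 6, 0)),
        Item("Subscriber digest", "paidsub-published", datetime(2024, 5, 2, 6, 0)),
    ]

if __name__ == "__main__":
    items = sample_items()
    print("before:", visible_titles({"premiumusers"}, items))
    promote_due(items, datetime(2024, 5, 1, 7, 0))
    print("after: ", visible_titles({"premiumusers"}, items))
```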