You are here: Home Blog Time-based publishing in Plone with higher security

Time-based publishing in Plone with higher security

by Sasha Vinčić Aug 23, 2010 09:55 PM
In Plone it's always been possible to do time-based publishing and here is a tip how to make it even safer and more secure.
Time-based publishing in Plone with higher security

Powerful Workflow Engine

Plone's powerful workflow system let you control security of each object in each state. With time-base publishing you want a new document to appear first when the effective date has been reached. In some cases you need to keep the document safe and protected from public before the effective date is reached. With Plone standard workflow the document that is in published state has already permissions which allows public to access it if they know the url even if it should be published in the future. In most cases this is enough since Plone will hide the document from searches and listings but in some cases it would be a disaster if someone accessed a document before the intended time, i.e stock market information.

Add an automatic transition to your workflow that is triggered if the publish date is in the future. Make it go from 'published' state to  "Published (future)" which should have the same permissions as the Private state. Then use the zope built in cron like system to call a simple script that finds all content in 'Publshed (future)' state with publish date before now and publishes them.

This way you will avoid security by obscurity, i.e having accessible content laying around on your websites even though it should be protected.

Need help with Plone?

Contact Sasha Vinčić at +46708 840 660 or online form.

Do you want to know more about Plone?

Read in the Plone brochure (Swedish) or contact us


Filed under: , ,
comments powered by Disqus