[Zope-CMF] [dev] DublinCore permissions

Tres Seaver tseaver at zope.com
Mon Dec 15 10:48:42 EST 2003


On Mon, 2003-12-15 at 03:52, Yuppie wrote:

> Is there any good reason why accessing elements of DefaultDublinCoreImpl 
> is not protected by a permission?
> 
> - I would expect 'View' or 'Access contents information' as permission.
> 
> - Document overrides security declaration for Description() with 'View'.
> 
> - DublinCore interface says all these methods are protected by 'View'.
> 
> - In CMF 1.0 these methods were protected by 'View' and I can't see why 
> that was changed.

The change was part of a larger "ZMI-ification" effort for content
objects, leading up to CMF 1.1.  Although I was the one making the
change, I don't recall the justification.

> If there are no objections I'll change the security declarations to 
> 'View'. Or would it make sense to use 'Access contents information' instead?

'View' please, and only on the HEAD;  this is a change in behavior which
people need to think harder about than I like for a "third-dot" release.

BTW, I plan to post a draft roadmap for CMF 1.5 soon (today, I hope),
and to ask for feedback.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com





More information about the Zope-CMF mailing list