[Zope-CMF] [dev] CMF 1.4 alpha
Fri, 28 Feb 2003 09:40:54 +0000
Florent Guillaume wrote:
> Let's separate the problems:
> - controlling viewability of instances in a folder listing depending on
> their type: if that's wanted, that should be done by folder_contents.pt
> by checking that the TI is visible. That's actually what contentIds
> does. But that's not a core security mechanism.
Thinking about this, I see what you mean. This is bogus. Viewability of
instances should _only_ be controlled by the permissions set on them.
> - controlling viewability of the TI: there, View is fine. But what does
> "View the TI" mean? A user has to get hold of a TI if it wants to check
Ah, I remember now. If the TI isn't viewable, it doesn't show up on the
folder_factories form. So, my alterations which introduced this were done to try
and solve the problem we're working on now. Obviously my attempt was a bit
> - controlling creation: that's really controlling the calling of the
> constructInstance method on the TI. And isConstructionAllowed has to be
> kept in sync. So the test for a creation permission should really be in
Indeed. I think my original 'fix' which introduced the 'View' permission thing
on the TI was a bit broken, since you have to be able to 'View' the TI to view
content of that type, and my effectively meant that you had to be able to create
content of a particular type in order to be able to view it :-(
> Ok so I guess my position is now that an "Add instances" permission is
> fine. Let's not reuse other permissions, it's not clean.
Yeah, I'd like to see my 'View' permission hack remvoed to, what do people think?
> This doesn't prevent us from adding more fine-grained guards on the
> creation, like a TALES guard. This would solve the problem of people who
> want to create only certain types in certain folders.
...that's already handled by the TI's 'can contain' list. I'd prefer not to add
any unnecessary complexity...