[Zope-CMF] [dev] CMF 1.4 alpha

Chris Withers chrisw@nipltd.com
Fri, 28 Feb 2003 09:40:54 +0000

Florent Guillaume wrote:
> Let's separate the problems:
> - controlling viewability of instances in a folder listing depending on
> their type: if that's wanted, that should be done by folder_contents.pt
> by checking that the TI is visible. That's actually what contentIds
> does. But that's not a core security mechanism.

Thinking about this, I see what you mean. This is bogus. Viewability of 
instances should _only_ be controlled by the permissions set on them.

> - controlling viewability of the TI: there, View is fine. But what does
> "View the TI" mean? A user has to get hold of a TI if it wants to check 

Ah, I remember now. If the TI isn't viewable, it doesn't show up on the 
folder_factories form. So, my alterations which introduced this were done to try 
and solve the problem we're working on now. Obviously my attempt was a bit 
misguided :-(

> - controlling creation: that's really controlling the calling of the
> constructInstance method on the TI. And isConstructionAllowed has to be
> kept in sync. So the test for a creation permission should really be in
> isConstructionAllowed.

Indeed. I think my original 'fix' which introduced the 'View' permission thing 
on the TI was a bit broken, since you have to be able to 'View' the TI to view 
content of that type, and my effectively meant that you had to be able to create 
  content of a particular type in order to be able to view it :-(

> Ok so I guess my position is now that an "Add instances" permission is
> fine. Let's not reuse other permissions, it's not clean.

Yeah, I'd like to see my 'View' permission hack remvoed to, what do people think?

> This doesn't prevent us from adding more fine-grained guards on the
> creation, like a TALES guard. This would solve the problem of people who
> want to create only certain types in certain folders.

...that's already handled by the TI's 'can contain' list. I'd prefer not to add 
any unnecessary complexity...