[Zope-dev] Execute Permission thoughts...

[Chris Withers]

Hi,

I mentioned this briefly on the Zope list but I think it sits better here...

You can currently access things like standard_html_header, etc from any site url
(www.zope.org/standard_html_header for example) along with withods like
title_or_id and objectIds. 

This isn't nice. For starters, dtml methods that are used to display bits of
pages probably won't display well on their own. Secondly, things like objectIds
and perhaps more important methods probably shouldn't be available for security
reasons. Finally, it doesn't give a 'user experience' of a nice tight, well
engineered site if you can get at all this stuff.

I know you can get around this with proxy roles and the like, but this is a real
pain to do for a whole site. It also means you get an authorization error,
whereas what I'd personally prefer is a 404 not found, so people don't even know
it's there.

The solution I'd suggest is very simple from a usage point of view:
For every Zope object add a new 'execute' permission. Also, change
the idea behind the 'view' permission to be more like it's name.
So, if a user has 'view' rights on an object, they can access it through a URL
or an FTP client.
If a user has 'execute' rights on an object then if it's referenced in another
object or method (like standard_html_header is), it can still be executed even
if the user has no view rights.

So, standard_html_header, for example, would have execute but not view
permissions for the anonymous user.
How do other people feel about this?

I'd be more than happy to give coding this a crack if people could give me some
pointers as to where to start.

cheers,

Chris