[Zope-dev] title_or_id permissions on Files
Christopher N. Deckard
cnd@ecn.purdue.edu
Sat, 11 Jan 2003 16:15:24 -0500
On Sat, 11 Jan 2003 19:09:08 +0100, Dieter Maurer spoke forth:
> Brian R Brinegar wrote at 2003-1-10 16:28 -0500:
> > Very possible. In any case, is this the correct behavior? Show
> > a method be protected if it isn't protecting any data?
> You never know what people want to hide.
>
> There have been many complaints that people can find out which
> "id"s are used in a Web site. "title"s provide much more
> detailed information.
>
> Personally, I am for openess, not only for open source
> but also for open Web sites (not that anyone can put spam on
> it or modify the content, but that anyone can see how it was
> done). I would not hide "id", "title", ...
I would agree that id and title should be open, but what Brian's
initial concern was about was that access to id and title are
sometimes controlled by the "Access Contents Information"
permission, and other times they are controlled by the "View"
permission. The goal is for consistency with the use of the
permissions. Not just in the core products, but some "standard"
that people should follow when creating their own products.
-Chris