[Zope] CopySupport methods permissions - do they make sense?

Dave Parker dparker@globalcrossing.com
Thu, 04 Nov 1999 10:38:17 -0600


I'm doing a site that allows membership.  When users sign up, I create a
folder with an acl_users folder and a user for them. All the folder/user
creation happens as an anonymous user, which should be ok 'cause the
only way they can do these things is via my logic.

Problem is, I'd also *like* to copy or clone a index_html page into the
user's new folder. 

What I think I've found, however, is that pretty much all of the methods
in OFS/CopySupport.py require "View management screens" permissions in
order to do copy/clone operations.  Delete operations, on the other
hand, have their own permission setting.  Does this make sense?  I
really don't want to have to turn on "View management screens" for
anonymous users, and I don't think I should have to just to use
copy/clone methods.

IMHO the copy operations should have their own seperate permission as
delete does.  What do you think?


As a completely seperate aside, it'd be nice if, when access fails due
to permissions, Zope would report on just what sort of permission would
be required in order to accomplish the operation in question.  As it
stands it's an easter egg hunt and it's not too fun.