[Zope] Access Control vs Publishing Protocol

Dieter Maurer dieter@handshake.de
Tue, 10 Oct 2000 21:32:07 +0200 (CEST)


Seb Bacon writes:
 > For me, the 'visibility' problem is a real bugbear.  Apart from the
 > 'security' issue of anon. users being able to list objectIds, it means I am
 > loath to allow clients to manage their sites through the manage interface.
 > This is because they'll see it littered with methods which pop up a login
 > box whenever they click on them.  It looks horrible and unprofessional.

I just tried what would happen (as I did not believe it would be
as bad as you described it):

  * I gave "Anonymous" the "View Management Screens" permission
    for a folder.

  * I was then able to access the manage URL for the folder
    (without authentication), but the main frame displayed
    an acquired "index_html" rather than the folder's content
    view.

  * I tried to manage a contained DTML method, but a login
    was requested: "No authentication header".
    Apparently, DTML method management requires at least
    an authenticated user.

Thus, I played with an authenticated user.
The behaviour was not too bad (though not completely satisfactory).

As you expected, the folder contents displayed all contained
objects, even objects for which I did not have "View" permissions.
When I clicked on such an object, I got a "manage_workspace" screen
with just the "ownership" tab. Not overwhelming but not too bad either.
When I had "View" permissions but no "change" permissions, I
did not get a "manage_workspace" screen, but the object was
viewed automatically. Not what I would have expected, but not too bad
either.
When I had a "change" permission, I got the expected "manage_workspace"
screen.
    

 > Anyway, I agree with Dieter / Chris.  Adding a 'URL Traversable'
 > ('listable'?) permission to all objects and then tweaking methods that do
 > the traversing (objectIds, objectValues) would presumably fix this?  Would
 > this be easy?  I've never had a look at the security internals, but I'm
 > looking forward to having a go...

I think the implementation would be easy.
Management, however, would be more difficult, as there are no
good defaults for the "URL Traversable" permission.
It is not easy to determine (e.g.) for a DTML method/document
whether it is only used as a component (such as
"standard_html_header") or is a full-grown presentation method.


Dieter
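
The filtering proposed in the thread, sketched as an added example that is not part of the original message and is not Zope code: a toy folder whose listing and URL traversal both check a separate "URL Traversable" permission, plus the default-setting problem raised in the reply. All class and function names, the role assignments and the "sales_report" object are assumptions constructed for illustration.

```python
# Toy model of the proposal; not Zope code. Class and function names are
# hypothetical; "URL Traversable" is the permission name suggested in the thread.
VIEW = "View"
TRAVERSABLE = "URL Traversable"


class Item:
    def __init__(self, id, grants):
        self.id = id
        self.grants = grants  # permission name -> set of roles holding it

    def allows(self, permission, roles):
        return bool(self.grants.get(permission, set()) & set(roles))


class Folder:
    def __init__(self, items):
        self.items = {item.id: item for item in items}

    def objectIds(self, roles=None):
        """roles=None lists everything (the behaviour complained about);
        otherwise only ids the caller may traverse to are returned."""
        return [i for i, item in self.items.items()
                if roles is None or item.allows(TRAVERSABLE, roles)]

    def traverse(self, object_id, roles):
        """Resolve one URL step, refusing objects the caller may not reach."""
        item = self.items[object_id]
        if not item.allows(TRAVERSABLE, roles):
            raise PermissionError(object_id)
        return item


def with_naive_default(item):
    """Default 'URL Traversable' to whoever holds 'View'. Components that
    anonymous pages render become listable again, which is the
    management problem raised above."""
    return Item(item.id, {**item.grants, TRAVERSABLE: set(item.grants.get(VIEW, ()))})


# Constructed sample folder.
ANON, MANAGER = "Anonymous", "Manager"
folder = Folder([
    Item("index_html", {VIEW: {ANON, MANAGER}, TRAVERSABLE: {ANON, MANAGER}}),
    Item("standard_html_header", {VIEW: {ANON, MANAGER}, TRAVERSABLE: {MANAGER}}),
    Item("sales_report", {VIEW: {MANAGER}, TRAVERSABLE: {MANAGER}}),
])
```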