[Zope] Access Control vs Publishing Protocol

Dieter Maurer dieter@handshake.de
Fri, 13 Oct 2000 21:41:22 +0200 (CEST)


Seb Bacon writes:
 > OK, I think we're talking about the same thing now...but could you give me
 > an example of any object that would need to be traversable by Anonymous?
 > index_html, for example,  doesn't need to be traversable (I still prefer
 > 'listable').  Viewable TTW, yes, but that's all.
I do not agree with you:
  I should be able to list what I am able to view (in order to
  learn what I can view).
  
I think more than 30 per cent of my objects are like "index_html".
They are designed to be viewed by Anonymous.

The others are not destined to be viewed but to be used as
components in viewed objects (like "standard_html_*").
The current Zope security requires that Anonymous has
view permissions for them, too. But this allows Anonymous to
view them in isolation which almost surely will give
strange results (exceptions, empty pages, etc.).

My primary concern (and maybe Chris') is how we can prevent
these objects from being viewed by Anonymous. If we succeed, then
Anonymous can do nothing at all with them and it is no longer
necessary to list them (for him).
Thus, a solution for this problem may also be a solution for
the other problem.

However, a "listable" permission would not solve the distinction
between directly viewable via the web and only indirectly viewable.


Dieter
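
The distinction discussed in this message, as an added example that is not part of the original mail and is not Zope code: a toy publisher in which a single "View" permission covers both direct and indirect use, next to a variant with a separate direct-access permission. All class, field and function names (`Obj`, `Folder`, `direct_roles`, `split_permissions`, `build`) are assumptions made for illustration.

```python
# Toy model only; none of these names are Zope APIs (all are assumptions).
from dataclasses import dataclass, field

class Unauthorized(Exception):
    pass

@dataclass
class Obj:
    name: str
    body: str
    view_roles: set                                  # roles holding "View"
    direct_roles: set = field(default_factory=set)   # hypothetical "view directly via URL"
    includes: tuple = ()                             # components rendered inside this object

@dataclass
class Folder:
    objects: dict
    split_permissions: bool   # False models the single-permission behaviour in the mail

    def render(self, name, role):
        """Indirect use: render an object, including its components."""
        obj = self.objects[name]
        if role not in obj.view_roles:
            raise Unauthorized(name)
        return "".join(self.render(n, role) for n in obj.includes) + obj.body

    def publish(self, name, role):
        """Direct use: the object is the target of the request."""
        obj = self.objects[name]
        if self.split_permissions and role not in obj.direct_roles:
            raise Unauthorized(name)
        return self.render(name, role)

    def listing(self, role):
        """List only the objects the role could open directly."""
        names = []
        for name in sorted(self.objects):
            try:
                self.publish(name, role)
                names.append(name)
            except Unauthorized:
                pass
        return names

def build(split):
    anon = {"Anonymous"}
    return Folder({
        "standard_html_header": Obj("standard_html_header", "<html>", anon),
        "index_html": Obj("index_html", "Welcome", anon, anon, ("standard_html_header",)),
    }, split)
```

With `build(False)` Anonymous can open `standard_html_header` on its own and it appears in the listing; with `build(True)` only `index_html` is directly reachable and listed, while the header still renders inside it.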