[Zope3-dev] RFC: Heads up! Major changes coming!
Steve Alexander
steve@cat-box.net
Tue, 28 May 2002 14:20:50 +0100
Jim Fulton wrote:
>
> <zmi:factory permission_id=".Contact.ManageContacts"
That should be "ZopeProducts.Contact.ManageContacts", right?
> <security:allow interface=".Contact.IContactInfo."
> permission_id="Zope.View" />
> <security:allow method="update"
> permission_id=".Contact.ManageContacts"/>
I like Guido's suggestion of require, so we'd get:
<security:require permission_id="Zope.View"
interface=".Contact.IContactInfo." />
<security:allow permission_id=".Contact.ManageContacts"
method="update" />
Surely "method" should be "names" now that we have name-based security ?
> - I really like the idea of explicitly defining the pages provided by
> views and having the pages appear as pages on the content. This
> makes page construction feel more natural, eliminating the extra URL
> step for the view.
+1, but will the old way still be permitted? Or is that gone completely?
> This also eliminates the need to traverse the view and for the view
> to control traversal. There's no need for the magic in
> AttributePublisher.
I guess the old way is gone for good then.
> I'd like to make this view style the default.
Please!
> Given this, I wonder if we should switch to the namespace syntax
> used by XPath (and perl and C++ ;)::
>
> aFolder/view::grants.html
>
> This syntax is a little nicer looking (to me :) and doesn't mess
> with the file-extension. The only downside is that we'd have to
> disallow ids/names that begin with identifier characters followed by
> "::". I expect that this limitation would be acceptable.
+1
It would still be possible define a custom traversal that would have
different rules, right?
--
Steve Alexander