[Zope3-dev] RFC: Heads up! Major changes coming!

[Steve Alexander]

Jim Fulton wrote:
>
>       <zmi:factory permission_id=".Contact.ManageContacts"

That should be "ZopeProducts.Contact.ManageContacts", right?

>       <security:allow interface=".Contact.IContactInfo."  
>                       permission_id="Zope.View" />
>       <security:allow method="update"
>                       permission_id=".Contact.ManageContacts"/>

I like Guido's suggestion of require, so we'd get:

        <security:require permission_id="Zope.View"
                          interface=".Contact.IContactInfo." />
        <security:allow permission_id=".Contact.ManageContacts"
                        method="update" />

Surely "method" should be "names" now that we have name-based security ?


> - I really like the idea of explicitly defining the pages provided by
>   views and having the pages appear as pages on the content. This
>   makes page construction feel more natural, eliminating the extra URL
>   step for the view. 

+1, but will the old way still be permitted? Or is that gone completely?


>   This also eliminates the need to traverse the view and for the view
>   to control traversal. There's no need for the magic in
>   AttributePublisher.

I guess the old way is gone for good then.


>   I'd like to make this view style the default.

Please!


>   Given this, I wonder if we should switch to the namespace syntax
>   used by XPath (and perl and C++ ;)::
> 
>      aFolder/view::grants.html
> 
>   This syntax is a little nicer looking (to me :) and doesn't mess
>   with the file-extension. The only downside is that we'd have to
>   disallow ids/names that begin with identifier characters followed by
>   "::". I expect that this limitation would be acceptable.

+1

It would still be possible define a custom traversal that would have 
different rules, right?

--
Steve Alexander