Tres Seaver wrote:
I don't get the issue here, I guess; either anonymous users can view objectIds (through the web, through XML-RPC, whatever), or they can't (because you don't want them to have the information that a given object is there, I guess?)
Perhaps you just don't want to expose internal implementation details to them. Users have no business viewing 'standard_html_header' directly, for instance.
If they can't, then _any_ DTML method which calls objectIds() should be required to have non-anonymous permissions, either through the AUTHENTICATED_USER or through proxy roles. This seems to be working as designed in the current implementation. Turning off objectIds() by default is like running an anonymous FTP server but disallowing the "dir" command: it reduces the utility of the server to such an extent that you might as well not bother. :)
I think this picture changes if you make the distinction between viewing as an anonymous user, viewing as the manager, viewing through XML-RPC, etc. I think the idea is that a random person on the web should only be able to view that which that user is explicitly allowed to view. Preferably the user should not have the capability to access things directly that are actually only DTML/Python methods used to *produce* the view. If you could say to a method that it is like that, you can make a distinction that can currently not be made. i.e. a 'viewable through URL' permission (default set to off). Regards, Martijn