Brian:
While I'm at it, is there any way to make DTML methods accessible to objects (such as other DTML methods) but not through URLs other than by a tortuous series of proxy roles? I've expressed views about an 'execute' permission in the past but these have fallen on deaf ears.
For example: http://www.codecatalog.com/standard_html_footer
This is messy and there's no reason why it needs to be exposed through a URL.
I don't have a good answer for you, though I tend to agree with you that some things just don't want to be accessed outside of some larger context. I'd like to hear some different viewpoints on how people think something like this should work...
I sounds like there's a want for a distinction of things that can and cannot be published(Viewed by URL alone). Do <dtml-var mything> and /mything use different machinery to render the calls? Is there a difference in Zope between 'publishing' and just 'rendering' or calling? If there is (because I haven't looked at any code, I'm just theorizing) they you'd want a permission that allowed processing by either/or both sets rendering and publishing methods. Way-over-my-head-bowing-out-as-I-finish-the-thoughtly yours, Jason Spisak CIO HireTechs.com 6151 West Century Boulevard Suite 900 Los Angeles, CA 90045 P. 310.665.3444 F. 310.665.3544 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.