Martijn Faassen wrote:
Various things. What you'd need is turn off 'view' permission by default for just about *everything* except possibly DTML Documents, otherwise it's just too easy to set up a site that exposes too much. Exposure to URLs should be turned off by default.
Well, this is why doing it with permissions is great because you can set it to your preference in the root folder and aquire it from there onwards...
Everything would still have 'execute' permission, so I don't think that should be a permission at all, as everything really has it and nothing can do without it anyway.
Yes, but you may want to restrict WHO can execute something. Perhaps you have a method that only managers should be able to execute, and no-one should be able to 'view'.
'view' and 'access' merge into a single thing called 'access'.
I still don't really see any point in the 'access' permission and, in fact I've just been bitten badly by it (see my RecentChanges post to the Zope list...)
the question is if you really ever want that in a site. You usually only call such methods from DTML.
Not so, try out ZWiki's ;-) I notice there is an FTP permission already. Maybe there should be: - an execute permission - a 'view' permission for each 'server': HTTP, FTP, XML-RPC... cheers, Chris