Chris Withers wrote:
The solution I proposed before is simple (maybe not to implement ;-) and I think solves all the problems:
Split the current 'view' permission into two new permissions:
1. View - allow users to directly access an object through HTTP/FTP/XML-RPC/etc
2. Execute - allow non-direct execution of a method by a user, for example by them viewing another method/object which they have the 'view' permission for.
[snip]
Comments? (hopefully I'll get some this time... ;-)
Various things. What you'd need is to turn off 'view' permission by default for just about *everything* except possibly DTML Documents, otherwise it's just too easy to set up a site that exposes too much. Exposure to URLs should be turned off by default. Everything would still have 'execute' permission, so I don't think that should be a permission at all, as everything really has it and nothing can do without it anyway. Anyway, see my other posts.

I think you would need to do something like this: 'view' and 'access' merge into a single thing called 'access'. 'access' then gets split into 'access through URL', 'access through FTP', 'access through XML-RPC'.

By default, 'access through URL' is turned *off* for anonymous surfers for all objects. You need to turn this on explicitly. Note that you quickly overestimate the amount of cases this needs to be done. In fact, I think in the site I have in production use here, there's just one or two index_html's that need to be given 'access through URL' permission. :)

The tricky bit is if you want methods on objects that *are* accessible through URLs. There doesn't seem to be a good way to do that now, but the question is if you really ever want that in a site. You usually only call such methods from DTML.

Regards,
Martijn
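
A toy model of the per-channel scheme sketched in the reply above, added here as an illustration; it is not part of the original message and is not Zope code. `Site`, `publish`, `call`, `exposure` and the sample objects are hypothetical names constructed for the example.

```python
# Toy model of the thread's proposal; not Zope code. All names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Obj:
    body: object                                # callable(site, roles) -> str
    grants: dict = field(default_factory=dict)  # channel -> roles; empty = not published

class Site:
    def __init__(self):
        self.objects = {}

    def add(self, name, body, grants=None):
        self.objects[name] = Obj(body, dict(grants or {}))

    def call(self, name, roles):
        """Indirect use from another object (e.g. from DTML): no channel check."""
        return self.objects[name].body(self, roles)

    def publish(self, channel, name, roles):
        """Direct request: needs 'access through <channel>' for one of the roles."""
        obj = self.objects.get(name)
        allowed = obj.grants.get(channel, ()) if obj else ()
        if not set(roles) & set(allowed):
            raise PermissionError(f"access through {channel} denied for {name!r}")
        return obj.body(self, roles)

def exposure(site, channel, roles):
    """Audit helper: names directly reachable over `channel` with `roles`."""
    return sorted(n for n, o in site.objects.items()
                  if set(roles) & set(o.grants.get(channel, ())))

def build_site():
    """Constructed sample site: two helpers and one published page."""
    site = Site()
    site.add("standard_header", lambda s, r: "<h1>Members</h1>")
    site.add("list_members", lambda s, r: "alice, bob",
             {"FTP": {"Manager"}})
    site.add("index_html",
             lambda s, r: s.call("standard_header", r) + s.call("list_members", r),
             {"URL": {"Anonymous"}})
    return site

if __name__ == "__main__":
    site = build_site()
    print(exposure(site, "URL", ["Anonymous"]))
    print(site.publish("URL", "index_html", ["Anonymous"]))
```

Only `index_html` carries an 'access through URL' grant, yet it can still render the helpers it calls; running `exposure` per channel gives the list of objects a given role can reach directly.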