Toby Dickenson wrote:
IMO their goals are achieved better, and simpler, with a HOWTO that explains how to configure the 'access contents information' permission.
That's not been my experience, but maybe that How-To would help :-) Care to write it? ;-)
I think perhaps you havent appreciated the simplicity of the current arrangement - all protocols work the same.
That remains to be proved, even given the DTML wart you mentioned ;-)
Your word 'accidentally' is a good hint as to the reason. A better (IMO) principal is 'protocol independance' - a method should behave the same no matter how it is called.
Protocol independence is not necessarily a good thing in this case. Different protocols have different capabilities. For example, you might trust someone a lot more if they were using HTTPS rather HTTP. So, there is a disagreement here. What I proposed would enable us both to be happy, without anymore work on your part thanks to defaults that leave things as they are now. Your point of view leaves only you happy ;-)
How would you hide things like standard_html_header and _footer from users?
Im not sure why they need to be, please explain. I dont think 'tidyness' is a sufficient reason.
I do, and I'm sure others do to. It's doesn't look very professional when things like http://www.zope.org/standard_html_header and http://www.cbsnewyork.com/objectIds are left hanging out. http://www.cbsnewyork.com/rubbish ain't none too nice either, likewise http://www.cbsnewyork.com/manage... cheers, Chris