Seb Bacon writes:
OK, I think we're talking about the same thing now...but could you give me an example of any object that would need to be traversable by Anonymous? index_html, for example, doesn't need to be traversable (I still prefer 'listable'). Viewable TTW, yes, but that's all.

I do not agree with you: I should be able to list what I am able to view (in order to learn what I can view).
I think more than 30 per cent of my objects are like "index_html". They are designed to be viewed by Anonymous. The others are not destined to be viewed but to be used as components in viewed objects (like "standard_html_*"). The current Zope security requires that Anonymous has view permissions for them, too. But this allows Anonymous to view them in isolation, which almost surely will give strange results (exceptions, empty pages, etc.).

My primary concern (and maybe Chris') is how we can prevent these objects from being viewed by Anonymous. If we succeed, then Anonymous can do nothing at all with them and it is no longer necessary to list them (for him). Thus, a solution for this problem may also be a solution for the other problem.

However, a "listable" permission would not solve the distinction between directly viewable via the web and only indirectly viewable.

Dieter