Ok, so what do you propose Brian? You have a point by stating that you want the Zope-permissionsystem to be action-based in stead of protocol based. But then: listing a site's content via the DAV-protocol does not work the same as via normal http-based protocol: when index_html is present, the site's content (and sub-directory-structure) is effectively masked via normal http-access (I think).
So when a certain permission (like Acces Contents Information) effectively behaves different under different access-protocols, this action-based permission policy seems to me to be inadequate...
I agree that it is inadequate; what I am proposing is not an ultimate solution for that, it is a short term fix to solve some people's immediate problem (exposing site structure via DAV PROPFIND). Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com