Seb Bacon writes:
....
Currently, Zope tries to have very few explicit, object specific permissions. The ideal is that permissions are specified high above in the hierarchy and acquired by lower objects. This is quite possible with the current scheme. Implementing an "URL accessible" permission would require much more tweaking of single object permissions.
There are other ways to solve your problem by organization (putting things that should not be seen somewhere else) that do not require an additional permission.
Now I understand... I would disagree, however: I think there is a sensible default value. The default would be that anonymous does not have 'traverable' permission, but the manager / owner does.... The "traversable" permission would be an additional requirement to view any object. Its main purpose would be to distinguish between "use via Web" and "use in DTML only". "standard_html_*" would be usable in DTML but could not be viewed via the web. They would not give "traversable" permission to Anonymous. Many DTML objects, however, would need to give the "traversable" permission even to Anonymous in order to be useful.
Dieter