Hi Brian,
As far as GET / PUT, these are not distinguishable from a non-DAV GET / PUT (but those operations are protected by action-specific permissions anyway).
So this is not a 100% solution, just one that happens to be a light-weight way to allow people to solve their immediate problem (in basically the same way we solve it for FTP).
Ok, so what do you propose Brian? You have a point by stating that you want the Zope-permissionsystem to be action-based in stead of protocol based. But then: listing a site's content via the DAV-protocol does not work the same as via normal http-based protocol: when index_html is present, the site's content (and sub-directory-structure) is effectively masked via normal http-access (I think). So when a certain permission (like Acces Contents Information) effectively behaves different under different access-protocols, this action-based permission policy seems to me to be inadequate... Greetings, Antwan.
Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )