kosh@aesaeion.com writes:
__call__, __bobo_traverse__
I have been going through my products trying to lock things down more using the new security model and I have been making all the security explicit. Mostly because it makes it easy to change and easy to see what the permissions are. However what kinds of security should those two items have? private? public? protected? if protected what permission should they be protected by? What is a good place to find this information overall since it doesn't seem to be in the zope developers guide which I kind of expected some of this kind of info in. Currently, there is no need to protect "__bobo_traverse__". This method can only be called from an unrestricted context...
With respect to "__call__": the permission that protects "__call__" should depend on what "__call__" usually does: E.g., for "DTMLMethod.__call__", the permission is "View", but for the "__call__" of Z SQL methods, it is "Use database methods".... Dieter