Seb Bacon writes:
> For me, the 'visibility' problem is a real bugbear. Apart from the 'security' issue of anon. users being able to list objectIds, it means I am loath to allow clients to manage their sites through the manage interface. This is because they'll see it littered with methods which pop up a login box whenever they click on them. It looks horrible and unprofessional.

I just tried what would happen (as I did not believe it would be as bad as you described it):

 * I gave "Anonymous" the "View Management Screens" permission for a folder.
 * I was then able to access the manage URL for the folder (without authentication), but the main frame displayed an acquired "index_html" rather than the folder's content view.
 * I tried to manage a contained DTML method, but a login was requested: "No authentication header".

Apparently, DTML method management requires at least an authenticated user. Thus, I played with an authenticated user. The behaviour was not too bad (though not completely satisfactory). As you expected, the folder contents displayed all contained objects, even objects for which I did not have the "View" permission. When I clicked on such an object, I got a "manage_workspace" screen with just the "ownership" tab. Not overwhelming, but not too bad either. When I had the "View" permission but no "change" permission, I did not get a "manage_workspace" screen, but the object was viewed automatically. Not what I would have expected, but not too bad either. When I had a "change" permission, I got the expected "manage_workspace" screen.

> Anyway, I agree with Dieter / Chris. Adding a 'URL Traversable' ('listable'?) permission to all objects and then tweaking methods that do the traversing (objectIds, objectValues) would presumably fix this? Would this be easy? I've never had a look at the security internals, but I'm looking forward to having a go...

I think the implementation would be easy. Management, however, would be more difficult, as there are no good defaults for the "URL Traversable" permission. It is not easy to determine (e.g.) for a DTML method/document whether it is only used as a component (such as "standard_html_header") or is a full-grown presentation method.
Dieter
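The following is an added illustration of the idea discussed in the thread, not code from Zope or from either poster. It models a folder whose `objectIds`/`objectValues` are filtered by a per-object "URL Traversable" permission, next to the unfiltered listing that leaks every id to anyone holding "View Management Screens". The `Obj`, `User`, `Folder` classes and the role-to-permission tables are a constructed toy model, not Zope's security machinery; the choice to grant "URL Traversable" on `standard_html_header` only to Manager is exactly the per-object default decision Dieter says has no good general answer.

```python
"""Toy model (constructed for this example, not Zope code) of filtering
container listings by a per-object "URL Traversable" permission."""

from dataclasses import dataclass, field


@dataclass
class Obj:
    """A contained object with a map: permission name -> roles allowed."""
    id: str
    roles_for: dict = field(default_factory=dict)


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def allowed(user, obj, permission):
    """True if any of the user's roles carries `permission` on `obj`."""
    return bool(user.roles & obj.roles_for.get(permission, frozenset()))


class Folder:
    def __init__(self, objects):
        self._objects = {o.id: o for o in objects}

    def objectIds_unfiltered(self):
        """Current behaviour modelled by the thread: every id is listed,
        regardless of what the caller may do with the object."""
        return sorted(self._objects)

    def objectIds(self, user, permission="URL Traversable"):
        """Proposed behaviour: list only objects the caller may traverse to."""
        return sorted(i for i, o in self._objects.items()
                      if allowed(user, o, permission))

    def objectValues(self, user, permission="URL Traversable"):
        return [self._objects[i] for i in self.objectIds(user, permission)]

    def traverse(self, user, obj_id):
        """Return the object only if the caller may traverse to it; a
        non-traversable id is indistinguishable from a missing one, so the
        listing and the lookup agree on what the caller can see."""
        obj = self._objects.get(obj_id)
        if obj is None or not allowed(user, obj, "URL Traversable"):
            raise KeyError(obj_id)
        return obj


def sample_folder():
    """Constructed sample data: a public page, a header component meant
    only for inclusion, and a manager-only object."""
    everyone = frozenset({"Anonymous", "Manager"})
    manager = frozenset({"Manager"})
    return Folder([
        Obj("index_html", {"View": everyone, "URL Traversable": everyone}),
        # Component: viewable (it is included into pages) but not listable.
        Obj("standard_html_header", {"View": everyone, "URL Traversable": manager}),
        Obj("secret_report", {"View": manager, "URL Traversable": manager}),
    ])


ANON = User("anon", frozenset({"Anonymous"}))
ADMIN = User("admin", frozenset({"Manager"}))


if __name__ == "__main__":
    f = sample_folder()
    print("unfiltered:", f.objectIds_unfiltered())
    print("anonymous :", f.objectIds(ANON))
    print("manager   :", f.objectIds(ADMIN))
```

Run it to compare the three listings; the anonymous user sees only `index_html`, while the unfiltered listing exposes all three ids. Note that `traverse` and `objectIds` consult the same permission, which is what keeps a filtered listing from being bypassed by simply guessing ids.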