.... This is because the thing which makes the problem hard is that something like standard_html_header wants to be editable by Managers TTW, which means it also has to be visible TTW. However, it's probably not something you want exposed to anonymous users, especially as a TTW entity in its own right. objectIds is my other favourite example ;-)
OK, I'm still a newbie, and in particular I have yet to get my head round Zope security properly. But I'm going to attempt to comment on this anyway. For me, the 'visibility' problem is a real bugbear. Apart from the 'security' issue of anon. users being able to list objectIds, it means I am loath to allow clients to manage their sites through the manage interface. This is because they'll see it littered with methods which pop up a login box whenever they click on them. It looks horrible and unprofessional. Anyway, I agree with Dieter / Chris. Adding a 'URL Traversable' ('listable'?) permission to all objects and then tweaking methods that do the traversing (objectIds, objectValues) would presumably fix this? Would this be easy? I've never had a look at the security internals, but I'm looking forward to having a go... Chris W was talking about adding security on a protocol level as well as an object level, but I can't really see why you would only want to be able to edit a document through WebDAV but *not* TTW. In my mind, you're either authenticated to do a task, or you're not. It doesn't matter *how* you do it. That's why 'listable' or something like it would be a better name for the permission than 'URL Traversable', IMHO (although they both sound *ugly*). Someone mentioned they found the FTP access permission useful - I'd be interested to know how / why. seb.