-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel Dekany wrote:

Maybe I'm just lame, but I can't find a description of the commonly used Zope permission anywhere. (Isn't it missing from the "Users and Security" chapter of the Zope book? How I am supposed to manage the site security if I know everything but the meaning of the concrete permissions?)

Mostly, I would like to *know* (as opposed to try-and-guess) what does "Access contents information" mean. The definitions I have found on the Net was rather foggy. I guess because the meaning of this permission depends on the object in question... but is there a summary for the most commonly used objects at least? Especially, what does it mean for folders? At the first glance it specifies if I can get a contained object, but then I have found that somehow it doesn't apply to the contained objects that are folders, because I can always get those. Is this the rule?

It controls the ability to list the contents, but not to traverse to them: Zope2 doesn't enforce access on (publishing) traversal, except at the ery end of the chain, which is a feature in spite of Chris Withers' insistence to the contrary. The authoritative place to look would be in the source, particularly in the OFS package: SimpleItem.py contains the base classes for most Zope2 objects. ObjectManger.py contains the base classes for all Zope2 containers. Folder.py contains the Folder class, which is the commonly-used container. Tres. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCiMw5+gerLs4ltQ4RAoxUAKCkzcMWmamtZPvg/xVJoi+ML7qq4wCaA8Sl xXNLgPJoR7BVjQAdPx/Yn04= =fT9+ -----END PGP SIGNATURE-----