[Zope-CMF] Should we invert security?

Shane Hathaway shane@digicool.com
Thu, 7 Jun 2001 10:52:40 -0400


Right now the security strategy used by CMFDefault is "deny by default".  
Each member folder is set up to deny access to anonymous users and other 
members.  Objects within a member folder allow access depending on their 
workflow state.

But the problem with this strategy, which seems right at first, is subtle: 
you might be able to access content without being able to access the 
container of the content.  So DTML that tries to use PARENTS[0], which 
really ought to be available, raises a security exception.  This is a 
problem right now on cmf.zope.org.

I think we should switch to "allow by default".  Member folders won't have 
any special security settings, but when you create content, it might be 
restricted by default so that other users can't see it until it's ready to 
be published.

Do you agree?  It would sure simplify things IMHO.

Shane
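
The following is an added illustration, not part of the original message and not Zope or CMF code: a simplified model of the two strategies, showing why a template that touches the container of a published document fails under "deny by default" and works under "allow by default". The `Node` class, the role sets, the workflow table and the folder name `alice` are constructed assumptions.

```python
class Unauthorized(Exception):
    pass

EVERYONE = {"Anonymous", "Member", "Owner", "Manager"}
# Constructed workflow: which roles may view content in each state.
WORKFLOW = {"private": {"Owner", "Manager"}, "published": EVERYONE}

class Node:
    def __init__(self, name, parent=None, view_roles=None):
        self.name, self.parent = name, parent
        self.view_roles = view_roles  # None: no local setting, inherit from parent

def allowed_roles(node):
    # Nearest explicit setting wins, walking up the containment chain.
    while node.view_roles is None:
        node = node.parent
    return node.view_roles

def guarded(node, user_roles):
    if not allowed_roles(node) & user_roles:
        raise Unauthorized(node.name)
    return node

def render(doc, user_roles):
    # Stand-in for a template that shows the document and also touches its
    # container, as DTML using PARENTS[0] does.
    guarded(doc, user_roles)
    folder = guarded(doc.parent, user_roles)
    return f"{folder.name}/{doc.name}"

def build(strategy, state):
    root = Node("Members", view_roles=EVERYONE)
    # "deny": member folder locked to its owner; "allow": no folder-level setting.
    folder_roles = {"Owner", "Manager"} if strategy == "deny" else None
    folder = Node("alice", root, folder_roles)
    return Node("doc", folder, WORKFLOW[state])

def outcome(strategy, state, user_roles):
    try:
        return render(build(strategy, state), user_roles)
    except Unauthorized as exc:
        return f"Unauthorized: {exc}"

if __name__ == "__main__":
    for strategy in ("deny", "allow"):
        for state in ("published", "private"):
            print(strategy, state, outcome(strategy, state, {"Anonymous"}))
```

Under "allow by default" the confidentiality of unpublished content rests entirely on the per-object restriction applied at creation, so that default is the setting to audit.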