[Zope-CMF] [dev] DublinCore permissions
Tres Seaver
tseaver at zope.com
Mon Dec 15 10:48:42 EST 2003
On Mon, 2003-12-15 at 03:52, Yuppie wrote:
> Is there any good reason why accessing elements of DefaultDublinCoreImpl
> is not protected by a permission?
>
> - I would expect 'View' or 'Access contents information' as permission.
>
> - Document overrides security declaration for Description() with 'View'.
>
> - DublinCore interface says all these methods are protected by 'View'.
>
> - In CMF 1.0 these methods were protected by 'View' and I can't see why
> that was changed.
The change was part of a larger "ZMI-ification" effort for content
objects, leading up to CMF 1.1. Although I was the one making the
change, I don't recall the justification.
> If there are no objections I'll change the security declarations to
> 'View'. Or would it make sense to use 'Access contents information' instead?
'View' please, and only on the HEAD; this is a change in behavior which
people need to think harder about than I like for a "third-dot" release.
BTW, I plan to post a draft roadmap for CMF 1.5 soon (today, I hope),
and to ask for feedback.
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the Zope-CMF
mailing list