[Zope-CMF] [dev] Why is contentItems public?
yuppie
y.2004_ at wcm-solutions.de
Sun Sep 12 12:53:31 EDT 2004
Hi!
Calling 'contentItems' (or 'contentIds' or 'contentValues') on big
folders is quite expensive. E.g. waking up all the 30000+ member folders
of zope.org takes a while. So anonymous users should not be allowed to
do that.
I found this related change note in HISTORY.txt:
- Implement new "List folder contents" permission (Tracker
#320), to prevent non-privileged users from being able to
browse 'folder_contents' (permission is by default mapped
to 'Owner' and 'Manager').
Note that this is really only a UI change:
'PortalFolder.contentIds', 'PortalFolder.contentValues', and
'PortalFolder.contentItems' are still public, to allow for
reasonable "site map" views on folders.
The default 'objectItems' (or 'contentIds' or 'contentValues') is much
less expensive, but protected by 'Access contents information' and has
no docstring.
I propose to remove at least the docstrings of 'content*', on
CMF-1_5-branch and HEAD.
Any thoughts?
Cheers,
Yuppie
More information about the Zope-CMF
mailing list