[Zope-dev] Strange permissions in the (built-in) API reference

Michel Pelletier michel@digicool.com
Tue, 10 Oct 2000 14:21:49 -0700


Dieter Maurer wrote:
> 
> I have just thouroughly looked through the API reference
> which is built in Zope 2.2.2.
> 
> I found many strange permission statements, e.g.:
> 
>   * all methods of "PropertySheets" can only be used from Python
> 
>   * while "PropertySheet.propertyItems" can be used with
>     permission "Access Contents Information",
>     "PropertySheet.getProperty" can be used from Python only
> 
>   * "ObjectManagerItem.restrictedTraverse" can be used
>     from Python only

As a reminder, could you sumbit these to the collector?  I can fix the
documentation bugs but what permissions should be what is outside my
scope, and would probably require some thought from Brian or Jim or
someone more aware of the security details.
 
>   * some permission are given as "XXX" (e.g.
>     "ObjectManagerItem.this")

I'll fix this for the next release.
 
> I wonder, if this is caused by the API reference being shipped
> with "data.fs.in" (which, in my case, is old, at least 2.2.1).
> 
> If this would be the case, then it might be better to have such
> documentation outside in the file system, as "data.fs" tends
> to taken over from older installations to newer ones.

This documentation is on the filesystem, for example all of the OFS
objects' API references are in lib/python/Products/OFSP/help.  They are
python modules that get turned into documetation when Products get
registered.
 
> Besides, there are many small problems with structured text.
> One particular instance is the removal of default arguement
> values '', caused by the interpretation of "'".

Hmmm... ok we'll think about that. Thanks,

-Michel