[Zope-dev] protocol accesibility

Chris Withers chrisw@nipltd.com
Fri, 05 Jan 2001 15:11:01 +0000


Toby Dickenson wrote:
> 
> IMO their goals are achieved better, and simpler, with a HOWTO
> that explains how to configure the 'access contents information' permission.

That's not been my experience, but maybe that How-To would help :-)
Care to write it? ;-)

> I think perhaps you havent appreciated the simplicity of the current
> arrangement - all protocols work the same.

That remains to be proved, even given the DTML wart you mentioned ;-)

> Your word 'accidentally' is a good hint as to the reason. A better (IMO)
> principal is 'protocol independance' - a method should behave the same no
> matter how it is called.

Protocol independence is not necessarily a good thing in this case.
Different protocols have different capabilities. For example, you might
trust someone a lot more if they were using HTTPS rather HTTP. 

So, there is a disagreement here. What I proposed would enable us both
to be happy, without anymore work on your part thanks to defaults that
leave things as they are now. Your point of view leaves only you happy
;-)

> > How would you hide things like standard_html_header and _footer from
> > users?
> 
> Im not sure why they need to be, please explain. I dont think 'tidyness' is
> a sufficient reason. 

I do, and I'm sure others do to. It's doesn't look very professional
when things like http://www.zope.org/standard_html_header and
http://www.cbsnewyork.com/objectIds are left hanging out.
http://www.cbsnewyork.com/rubbish ain't none too nice either, likewise
http://www.cbsnewyork.com/manage...

cheers,

Chris