[Zope] Access Control vs Publishing Protoco

Seb Bacon sebbacon@email.com
Thu, 12 Oct 2000 10:46:40 +0100


oops,

I forgot to foward my last mail on this subject to the list.  My response
here to Dieter's response captures contains the main points though...

>  > > I think, the implementation would be easy.
>  > > Management, however, would be more difficult, as there are no
>  > > good defaults for the "URL Traversable" permission.
>  > > It is not easy, to determine (e.g.) for a DTML method/document
>  > > whether it is only used as a component (such as
>  > > "standard_html_header") or is a full grown presentation method.
>  >
>  > Um, I don't think I understand.

[ snip ]

> Currently, Zope tries to have very few explicit, object specific
> permissions. The ideal is that permissions are specified high above in
> the hierarchy and acquired by lower objects.
> This is quite possible with the current scheme.
> Implementing an "URL accessible" permission would require
> much more tweaking of single object permissions.
>
> There are other ways to solve your problem by organization
> (putting things that should not be seen somewhere else)
> that do not require an additional permission.

Now I understand...
I would disagree, however: I think there is a sensible default value.  The
default would be that anonymous does not have 'traverable' permission, but
the manager / owner does.  The cases where an authenticated user is able to
traverse some objects but not others would, as you point out, be rare,
because you could instead manage these by organisation.  You would still use
organisation to avoid having to set too many additional permissions.
However, this solution would solve the 'security' issue of the anonymous
user being able to list objectIds in any folder TTW.  It would also allow
the developer more flexibilty in how they designed their application, which
can only be a Good Thing?

seb.