[Zope] Access Control vs Publishing Protocol

Dieter Maurer dieter@handshake.de
Thu, 12 Oct 2000 12:21:12 +0200 (CEST)


Seb Bacon writes:
 > ....
 > > Currently, Zope tries to have very few explicit, object specific
 > > permissions. The ideal is that permissions are specified high above in
 > > the hierarchy and acquired by lower objects.
 > > This is quite possible with the current scheme.
 > > Implementing an "URL accessible" permission would require
 > > much more tweaking of single object permissions.
 > >
 > > There are other ways to solve your problem by organization
 > > (putting things that should not be seen somewhere else)
 > > that do not require an additional permission.
 > 
 > Now I understand...
 > I would disagree, however: I think there is a sensible default value.  The
 > default would be that anonymous does not have 'traversable' permission, but
 > the manager / owner does....

The "traversable" permission would be an additional requirement
to view any object. Its main purpose would be to distinguish
between "use via Web" and "use in DTML only".
"standard_html_*" would be usable in DTML but could not be viewed
via the web. They would not give "traversable" permission to
Anonymous.
Many DTML objects, however, would need to give the "traversable"
permission even to Anonymous in order to be useful.


Dieter
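
The trade-off discussed in this thread, as an added example that is not part of the original message and is not Zope's API: a toy model of acquired permission settings in which publishing via URL needs both "View" and the proposed "traversable" permission, while use from DTML needs only "View". The class `Node`, the helper functions and the sample hierarchy are hypothetical names constructed for illustration.

```python
# Toy model (not Zope code): a permission setting is taken from the nearest
# object in the containment chain that sets it explicitly (acquisition).
class Node:
    def __init__(self, name, parent=None, grants=None):
        self.name = name
        self.parent = parent
        self.grants = grants or {}   # permission -> set of roles, set locally

    def roles_for(self, permission):
        node = self
        while node is not None:
            if permission in node.grants:
                return node.grants[permission]
            node = node.parent
        return set()                 # nobody is granted it anywhere: deny

def allowed(node, roles, permission):
    return bool(node.roles_for(permission) & set(roles))

def can_use_in_dtml(node, roles):
    # Included from another template: only "View" is checked.
    return allowed(node, roles, "View")

def can_publish_via_url(node, roles):
    # Direct web request: the proposed extra requirement applies as well.
    return allowed(node, roles, "View") and allowed(node, roles, "traversable")

def local_overrides(nodes, permission):
    # Objects (other than the root) that carry their own setting.
    return [n.name for n in nodes if n.parent and permission in n.grants]

# Constructed hierarchy using the default proposed in the quoted text:
# Anonymous has "View" but not "traversable"; Manager and Owner have both.
root = Node("root", grants={
    "View": {"Anonymous", "Manager", "Owner"},
    "traversable": {"Manager", "Owner"},
})
header = Node("standard_html_header", root)        # acquires everything
index = Node("index_html", root,                   # public page: needs an
             grants={"traversable": {"Anonymous", "Manager", "Owner"}})
news = Node("news_html", root,                     # explicit per-object grant
            grants={"traversable": {"Anonymous", "Manager", "Owner"}})

if __name__ == "__main__":
    for obj in (header, index, news):
        print(obj.name,
              "dtml:", can_use_in_dtml(obj, ["Anonymous"]),
              "url:", can_publish_via_url(obj, ["Anonymous"]))
    print("per-object settings:",
          local_overrides([header, index, news], "traversable"))
```

With this default, every object that Anonymous should reach by URL carries its own "traversable" setting, which is the per-object tweaking the reply refers to.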