[Zope] Re: What does Access Content Info. mean for folders?

Tres Seaver tseaver at palladion.com
Mon May 16 12:37:13 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Dekany wrote:
> Maybe I'm just lame, but I can't find a description of the commonly used
> Zope permission anywhere. (Isn't it missing from the "Users and
> Security" chapter of the Zope book? How I am supposed to manage the site
> security if I know everything but the meaning of the concrete
> permissions?)
> 
> Mostly, I would like to *know* (as opposed to try-and-guess) what does
> "Access contents information" mean. The definitions I have found on the
> Net was rather foggy. I guess because the meaning of this permission
> depends on the object in question... but is there a summary for the most
> commonly used objects at least? Especially, what does it mean for
> folders? At the first glance it specifies if I can get a contained
> object, but then I have found that somehow it doesn't apply to the
> contained objects that are folders, because I can always get those. Is
> this the rule?

It controls the ability to list the contents, but not to traverse to
them:  Zope2 doesn't enforce access on (publishing) traversal, except at
the ery end of the chain, which is a feature in spite of Chris Withers'
insistence to the contrary.

The authoritative place to look would be in the source, particularly in
the OFS package:

  SimpleItem.py contains the base classes for most Zope2 objects.

  ObjectManger.py contains the base classes for all Zope2 containers.

  Folder.py contains the Folder class, which is the commonly-used
  container.

Tres.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCiMw5+gerLs4ltQ4RAoxUAKCkzcMWmamtZPvg/xVJoi+ML7qq4wCaA8Sl
xXNLgPJoR7BVjQAdPx/Yn04=
=fT9+
-----END PGP SIGNATURE-----



More information about the Zope mailing list