Seb Bacon wrote:
edit a document through webDAV but *not* TTW. In my mind, you're either
authenticated to do a task, or you're not. It doesn't matter *how* you do
it. That's why 'listable' or something like it would be a better name for
the permission than 'URL Traversable', IMHO (although
Dieter Maurer wrote:
Management, however, would be more difficult, as there are no
good defaults for the "URL Traversable" permission.
It is not easy, to determine (e.g.) for a DTML method/document
whether it is only used as a component (such as
"standard_html_header") or is a full grown
Dieter Maurer wrote:
My primary concern (and maybe Chris') is, how can we prevent
these objects to be viewed by Anonymous.
Yup, that's exactly my point...
cheers,
Chris
___
Zope maillist - [EMAIL PROTECTED]
Seb Bacon writes:
OK, I think we're talking about the same thing now...but could you give me
an example of any object that would need to be traversable by Anonymous?
index_html, for example, doesn't need to be traversable (I still prefer
'listable'). Viewable TTW, yes, but that's all.
I
oops,
I forgot to foward my last mail on this subject to the list. My response
here to Dieter's response captures contains the main points though...
I think, the implementation would be easy.
Management, however, would be more difficult, as there are no
good defaults for the "URL
This is because the thing which makes
the problem hard is that something like standard_html_header
wants to be
editable by Managers TTW, which means it also has to be visible TTW.
However, it's probably not something you want exposed to anonymous
users, especially as a TTW
Seb Bacon writes:
For me, the 'visibility' problem is a real bugbear. Apart from the
'security' issue of anon. users being able to list objectIds, it means I am
loathe to allow clients to manage their sites through the manage interface.
This is because they'll see it littered with