I'd like to be able to grant permission to traverse a folder, but not
permission to view folder contents.

This could be handled in Zope by making
container.traversal.ItemTraverser a trusted adapter and protecting it
with a zope.Traverse permission.

I suspect this problem has been discussed before given Zope's maturity
-- and there must be a good reason this isn't done.

The obvious work around is to grant zope.View for the traversable folder
and then to take great pains to deny zope.View for every innaccessible
object in that folder. But having done this, I can say it's very likely
that an admin will forget this, leaving part of a site wide open to
unauthorized reads.

Any thoughts on this? What are the problems with the the zope.Traverse

 -- Garrett
Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to