Seb Bacon writes:
> > Currently, Zope tries to have very few explicit, object specific
> > permissions. The ideal is that permissions are specified high above in
> > the hierarchy and acquired by lower objects.
> > This is quite possible with the current scheme.
> > Implementing an "URL accessible" permission would require
> > much more tweaking of single object permissions.
> > There are other ways to solve your problem by organization
> > (putting things that should not be seen somewhere else)
> > that do not require an additional permission.
> Now I understand...
> I would disagree, however: I think there is a sensible default value. The
> default would be that anonymous does not have 'traverable' permission, but
> the manager / owner does....
The "traversable" permission would be an additional requirement
to view any object. Its main purpose would be to distinguish
between "use via Web" and "use in DTML only".
"standard_html_*" would be usable in DTML but could not be viewed
via the web. They would not give "traversable" permission to
Many DTML objects, however, would need to give the "traversable"
permission even to Anonymous in order to be useful.
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -