Hash: SHA1

Daniel Dekany wrote:
> Maybe I'm just lame, but I can't find a description of the commonly used
> Zope permission anywhere. (Isn't it missing from the "Users and
> Security" chapter of the Zope book? How I am supposed to manage the site
> security if I know everything but the meaning of the concrete
> permissions?)
> Mostly, I would like to *know* (as opposed to try-and-guess) what does
> "Access contents information" mean. The definitions I have found on the
> Net was rather foggy. I guess because the meaning of this permission
> depends on the object in question... but is there a summary for the most
> commonly used objects at least? Especially, what does it mean for
> folders? At the first glance it specifies if I can get a contained
> object, but then I have found that somehow it doesn't apply to the
> contained objects that are folders, because I can always get those. Is
> this the rule?

It controls the ability to list the contents, but not to traverse to
them:  Zope2 doesn't enforce access on (publishing) traversal, except at
the ery end of the chain, which is a feature in spite of Chris Withers'
insistence to the contrary.

The authoritative place to look would be in the source, particularly in
the OFS package:

  SimpleItem.py contains the base classes for most Zope2 objects.

  ObjectManger.py contains the base classes for all Zope2 containers.

  Folder.py contains the Folder class, which is the commonly-used

Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to