-----BEGIN PGP SIGNED MESSAGE-----
Daniel Dekany wrote:
> Maybe I'm just lame, but I can't find a description of the commonly used
> Zope permission anywhere. (Isn't it missing from the "Users and
> Security" chapter of the Zope book? How I am supposed to manage the site
> security if I know everything but the meaning of the concrete
> Mostly, I would like to *know* (as opposed to try-and-guess) what does
> "Access contents information" mean. The definitions I have found on the
> Net was rather foggy. I guess because the meaning of this permission
> depends on the object in question... but is there a summary for the most
> commonly used objects at least? Especially, what does it mean for
> folders? At the first glance it specifies if I can get a contained
> object, but then I have found that somehow it doesn't apply to the
> contained objects that are folders, because I can always get those. Is
> this the rule?
It controls the ability to list the contents, but not to traverse to
them: Zope2 doesn't enforce access on (publishing) traversal, except at
the ery end of the chain, which is a feature in spite of Chris Withers'
insistence to the contrary.
The authoritative place to look would be in the source, particularly in
the OFS package:
SimpleItem.py contains the base classes for most Zope2 objects.
ObjectManger.py contains the base classes for all Zope2 containers.
Folder.py contains the Folder class, which is the commonly-used
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -