-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel Dekany wrote: > Maybe I'm just lame, but I can't find a description of the commonly used > Zope permission anywhere. (Isn't it missing from the "Users and > Security" chapter of the Zope book? How I am supposed to manage the site > security if I know everything but the meaning of the concrete > permissions?) > > Mostly, I would like to *know* (as opposed to try-and-guess) what does > "Access contents information" mean. The definitions I have found on the > Net was rather foggy. I guess because the meaning of this permission > depends on the object in question... but is there a summary for the most > commonly used objects at least? Especially, what does it mean for > folders? At the first glance it specifies if I can get a contained > object, but then I have found that somehow it doesn't apply to the > contained objects that are folders, because I can always get those. Is > this the rule?
It controls the ability to list the contents, but not to traverse to them: Zope2 doesn't enforce access on (publishing) traversal, except at the ery end of the chain, which is a feature in spite of Chris Withers' insistence to the contrary. The authoritative place to look would be in the source, particularly in the OFS package: SimpleItem.py contains the base classes for most Zope2 objects. ObjectManger.py contains the base classes for all Zope2 containers. Folder.py contains the Folder class, which is the commonly-used container. Tres. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCiMw5+gerLs4ltQ4RAoxUAKCkzcMWmamtZPvg/xVJoi+ML7qq4wCaA8Sl xXNLgPJoR7BVjQAdPx/Yn04= =fT9+ -----END PGP SIGNATURE----- _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )