I'd like to be able to grant permission to traverse a folder, but not permission to view folder contents.
This could be handled in Zope by making container.traversal.ItemTraverser a trusted adapter and protecting it with a zope.Traverse permission. I suspect this problem has been discussed before given Zope's maturity -- and there must be a good reason this isn't done.

The obvious workaround is to grant zope.View for the traversable folder and then to take great pains to deny zope.View for every inaccessible object in that folder. But having done this, I can say it's very likely that an admin will forget this, leaving part of a site wide open to unauthorized reads.

Any thoughts on this? What are the problems with the zope.Traverse idea?

-- Garrett
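The failure mode described in the message, as an added example that is not part of the original post and does not use Zope's security machinery. It is a simplified model that assumes grants are inherited down the containment tree and the nearest explicit setting wins; the principal `anna` and the folder and item names are constructed, and `zope.Traverse` is the hypothetical permission the post proposes.

```python
from dataclasses import dataclass, field

VIEW = "zope.View"
TRAVERSE = "zope.Traverse"  # hypothetical permission proposed in the post

@dataclass
class Node:
    name: str
    parent: "Node | None" = None
    settings: dict = field(default_factory=dict)  # (principal, perm) -> True/False
    children: dict = field(default_factory=dict)

    def add(self, name):
        self.children[name] = Node(name, parent=self)
        return self.children[name]

def allowed(node, principal, perm):
    # Assumed policy: nearest explicit allow/deny wins, default is deny.
    while node is not None:
        if (principal, perm) in node.settings:
            return node.settings[(principal, perm)]
        node = node.parent
    return False

def readable(folder, principal, traverse_perm):
    # Items the principal can reach through the folder and then read.
    if not allowed(folder, principal, traverse_perm):
        return []
    return sorted(n for n, c in folder.children.items() if allowed(c, principal, VIEW))

def can_list(folder, principal):
    return allowed(folder, principal, VIEW)

def build():
    folder = Node("docs")  # constructed sample content
    for name in ("public", "payroll", "minutes"):
        folder.add(name)
    return folder

def workaround():
    # zope.View doubles as the traversal permission; each private item needs a deny.
    folder = build()
    folder.settings[("anna", VIEW)] = True
    folder.children["payroll"].settings[("anna", VIEW)] = False
    return folder  # the deny on "minutes" was forgotten

def proposal():
    # Traversal is granted on its own; zope.View is granted only where intended.
    folder = build()
    folder.settings[("anna", TRAVERSE)] = True
    folder.children["public"].settings[("anna", VIEW)] = True
    return folder
```

In the workaround an omitted deny exposes an item (fail open), while in the proposal an omitted grant only hides one (fail closed).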