[Zope-CMF] [dev] Why is contentItems public?

yuppie y.2004_ at wcm-solutions.de
Sun Sep 12 12:53:31 EDT 2004


Hi!


Calling 'contentItems' (or 'contentIds' or 'contentValues') on big 
folders is quite expensive. E.g. waking up all the 30000+ member folders 
of zope.org takes a while. So anonymous users should not be allowed to 
do that.


I found this related change note in HISTORY.txt:

    - Implement new "List folder contents" permission (Tracker
      #320), to prevent non-privileged users from being able to
      browse 'folder_contents' (permission is by default mapped
      to 'Owner' and 'Manager').

      Note that this is really only a UI change:
      'PortalFolder.contentIds', 'PortalFolder.contentValues', and
      'PortalFolder.contentItems' are still public, to allow for
      reasonable "site map" views on folders.


The default 'objectItems' (or 'contentIds' or 'contentValues') is much 
less expensive, but protected by 'Access contents information' and has 
no docstring.

I propose to remove at least the docstrings of 'content*', on 
CMF-1_5-branch and HEAD.


Any thoughts?

Cheers,
	Yuppie




More information about the Zope-CMF mailing list