Re: [Zope] Re: Every user should have the Anonymous role everywhere(was :Re: [Zope] Authentication, Anonymous and Public)

2000-07-05 Thread Chris Withers

Stuart Bishop wrote:
> or in BasicUserFolder. Either way it should go in the collector. 

Issue 1391, or in a slightly different phrasing, Issue 467

cheers,

Chris

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: Every user should have the Anonymous role everywhere(was :Re: [Zope] Authentication, Anonymous and Public)

2000-07-05 Thread Stuart Bishop

On Sun, 2 Jul 2000, Dieter Maurer wrote:

> Chris Withers writes:
>  > Dieter Maurer wrote:
>  > > In Zope, each user has a set of roles.
>  > > Any user has the "Anonymous" role. Log-in users may have
>  > > additional roles.
>  > 
>  > I'm not convinced this is true...
> The Content Manager Guide (Security, Authorization) states it
> this way:
> 
>   The "Anonymous" role, which all users have implicitly, 

Ahh... I thought I saw this somewhere. Either a bug in the documentation,
or in BasicUserFolder. Either way it should go in the collector. Since
few (if any) of the user folders use this, it may be best handled in
the Zope source if it is decided that it isn't a documentation error.

-- 
Stuart Bishop  Work: [EMAIL PROTECTED]
Senior Systems Alchemist   Play: [EMAIL PROTECTED]
Computer Science, RMIT University







Re: [Zope] Re: Every user should have the Anonymous role everywhere (was :Re: [Zope] Authentication, Anonymous and Public)

2000-07-03 Thread Chris Withers

Dieter Maurer wrote:
>  > > In Zope, each user has a set of roles.
>  > > Any user has the "Anonymous" role. Log-in users may have
>  > > additional roles.
>  >
>  > I'm not convinced this is true...

> The Content Manager Guide (Security, Authorization) states it
> this way:
> 
>   The "Anonymous" role, which all users have implicitly, 

...and check out the last time the Content Manager's Guide was updated
;-)

Seriously, though, I think this SHOULD be true, although I'm pretty sure
it isn't.

> This is natural, too.
> Why should a registered user have
> less authorization than an anonymous one.

Or, to put it another way, just because an acl_users folder doesn't know
anything about a user, why should that user not have the anonymous role?

> Thus, two reasons to change the Zope authorization, such
> that each user has implicitly the "Anonymous" role,
> if this is not the case now.

I totally agree :-)

Chris





[Zope] Re: Every user should have the Anonymous role everywhere (was :Re: [Zope] Authentication, Anonymous and Public)

2000-07-02 Thread Dieter Maurer

Chris Withers writes:
 > Dieter Maurer wrote:
 > > In Zope, each user has a set of roles.
 > > Any user has the "Anonymous" role. Log-in users may have
 > > additional roles.
 > 
 > I'm not convinced this is true...
The Content Manager Guide (Security, Authorization) states it
this way:

  The "Anonymous" role, which all users have implicitly, 


This is natural, too.
Why should a registered user have
less authorization than an anonymous one.


Thus, two reasons to change the Zope authorization, such
that each user has implicitly the "Anonymous" role,
if this is not the case now.



Dieter
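
The behaviour debated in this thread, as an added example that is not part of any poster's message and is not Zope code: a simplified model of role-based access with and without an implicit "Anonymous" role, plus an audit that lists objects an unauthenticated visitor can reach but a logged-in user cannot. The user names, paths and role assignments are constructed sample data.

```python
# Simplified model of the role check discussed above; NOT Zope source code.
from dataclasses import dataclass

ANONYMOUS = "Anonymous"

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()

# The unauthenticated visitor holds only the Anonymous role.
NOBODY = User("Anonymous User", frozenset({ANONYMOUS}))

def effective_roles(user, implicit_anonymous):
    """Roles used for the access decision under the chosen semantics."""
    roles = set(user.roles)
    if implicit_anonymous:
        roles.add(ANONYMOUS)  # every user implicitly has Anonymous
    return roles

def allowed(user, required_roles, implicit_anonymous):
    """Access is granted when the user holds at least one required role."""
    return bool(effective_roles(user, implicit_anonymous) & set(required_roles))

def regressions(users, acl, implicit_anonymous):
    """(user, object) pairs where a logged-in user has LESS access than an
    anonymous visitor, i.e. the inversion the thread complains about."""
    found = []
    for obj, required in acl.items():
        if not allowed(NOBODY, required, implicit_anonymous):
            continue  # not public, so no inversion is possible here
        for user in users:
            if not allowed(user, required, implicit_anonymous):
                found.append((user.name, obj))
    return sorted(found)

# Constructed sample data: two logged-in users and three protected objects.
USERS = [User("alice", frozenset({"Member"})),
         User("bob", frozenset({"Manager", "Member"}))]
ACL = {
    "/index_html": {"Anonymous"},
    "/members/news": {"Anonymous", "Member"},
    "/manage": {"Manager"},
}

if __name__ == "__main__":
    print("explicit roles only:", regressions(USERS, ACL, implicit_anonymous=False))
    print("implicit Anonymous :", regressions(USERS, ACL, implicit_anonymous=True))
```

Granting Anonymous implicitly removes the inversion without widening access to objects that do not list Anonymous, such as `/manage` in the sample data.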





[Zope] RE: Every user should have the Anonymous role everywhere

2000-07-01 Thread Alan Capesius, MCSE

My suggestion for splitting the role or allowing an "anyone" or "public" role would 
allow "anonymous" to be maintained and used to identify users that are not 
authenticated. (This seems to be the norm now for DTML.)
The new role would basically be defined as "ignore all security and allow access"

Placing the alternate User Folder at the root and using hierarchical roles defined at 
the root level would make it more manageable, but it would have several drawbacks I 
can think of off hand: more complex management, shared security model in virtual 
servers, and difficult for newbies to implement security without locking themselves 
out of the entire system.

Perhaps a flag for "use security"/"don't use security" on this folder/object would be 
useful?

I haven't seen this submitted to the Bug Collector yet..

> > --
> > From:   Chris Withers[SMTP:[EMAIL PROTECTED]]
> Dieter Maurer wrote:
> > In Zope, each user has a set of roles.
> > Any user has the "Anonymous" role. Log-in users may have
> > additional roles.
> 
> I'm not convinced this is true...
> 
> Quoting from the LoginManager CHANGES.TXT file:
> > Generic User Source, like the GenericUserFolder product it was inspired by,
> > gave all users the Anonymous role. This seems to be incorrect according to
> > what other user folders do, including the standard Zope version, so GUS now
> > no longer does this.
> 
> ...which is why Alan experiences this problem. I've also run into it
> just using a normal acl_users folder and I've been mentioning every few
> months since I bumped into it back in March. Here's my original post:
> 
> http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE
> 
> I wish this could get sorted out as it makes security a nightmare unless
> you use a web of local roles, which is painful and messy to maintain.
> 
> Is there any reason why every user shouldn't have the anonymous role for
> every accessible page/object/thing visitable through a protocol?
> 
> cheers,
> 
> Chris
> 

