Dieter Maurer wrote:
> In Zope, each user has a set of roles.
> Any user has the "Anonymous" role. Logged-in users may have
> additional roles.
I'm not convinced this is true...
Quoting from the LoginManager CHANGES.TXT file:
> Generic User Source, like the GenericUserFolder product it was inspired by,
> gave all users the Anonymous role. This seems to be incorrect according to
> what other user folders do, including the standard Zope version, so GUS now
> no longer does this.
...which is why Alan experiences this problem. I've also run into it
just using a normal acl_users folder and I've been mentioning it every few
months since I bumped into it back in March. Here's my original post:
http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE
I wish this could get sorted out as it makes security a nightmare unless
you use a web of local roles, which is painful and messy to maintain.
Is there any reason why every user shouldn't have the anonymous role for
every accessible page/object/thing visitable through a protocol?
cheers,
Chris