Am 26.06.2010, 16:03 Uhr, schrieb yuppie <>:

Hiya yuppie,

I guess it's only appropriate that you replied to this.

> Which "current check" do you mean? Right now there is no logged_in view
> so there is no permission check for a logged_in view.

In the PythonScript the following check is performed:

isAnon = mtool.isAnonymousUser()
if isAnon:
     context.REQUEST.RESPONSE.expireCookie('__ac', path='/')
     options['is_anon'] = True
     options['title'] = _(u'Login failure')
     options['admin_email'] = ptool.getProperty('email_from_address')

>> by a view permission such as
>> "cmf.AddPortalContent" but no matter what I set the view remains  
>> callable
>> by a non-authenticated user. Are the permissions being ignored or have I
>> got the wrong end of the stick?

> In case you are modifying the permission for the logged_in *action*
> you've got the wrong end.

No, I mean the permission set in the zcml view registration. As previously  
discussed, I don't think "logged_in" and "logged_out" should be portal  
actions as they are states.

Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
Zope-CMF maillist  -

See for bug reports and feature requests

Reply via email to