Brian Lloyd wrote:
> > >    That's a problem. Root index_html is viewable by Anonymous user - Zope
> > > should not complain about wrong (not in acl_users) login/password.
> >
> > It seems Zope doesn't like being presented with Authentication
> > information it knows nothing about. A more graceful way of dealing with
> > this would be to say 'I don't know who you are, so I'm going to treat
> > you as anonymous' rather than 'I don't know who you are, so f- off' ;-)

> The old (broken) behavior was that if credentials were sent,
> then an unauthorized was raised if a matching user could not
> be found to match those credentials.
> The new behavior is that if credentials are sent *and* no
> matching user is found *and* the resource being requested
> is accessible by Anonymous then the Anonymous user is used.

This is great and works as expected. I've converted it into a patch for
2.1.6 which is attached, in case anyone wants it.

I've also CC'ed in Ty Sarna since LoginManager, GUF and several other
things have (recently ;-) changed to support the broken logic, so they
probably need to change back now... :-S

Many thanks for fixing this, my day is getting better at last :-)




 PermissionRole import _what_not_even_god_should_do

what is that all about?! ;-)
---        Tue Jul 11 18:13:50 2000
+++     Tue Jul 11 18:17:13 2000
@@ -445,10 +445,16 @@
         # Try to get user
         if user is None:
+            if self._isTop() and self._nobody.allowed(parent, roles):
+                user=self._nobody.__of__(self)
+                return user
             return None
         # Try to authenticate user
         if not user.authenticate(password, request):
+            if self._isTop() and self._nobody.allowed(parent,roles):
+                user=self._nobody.__of__(self)
+                return user
             return None
         # We need the user to be able to acquire!
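Review bot: The fallback added under `if not user.authenticate(password, request):` returns the Anonymous user when a known user sends a wrong password, so on any resource Anonymous may access a failed login looks the same as no login and nothing records it. Consider logging the failed authentication at that point, or at least adding a comment that the silent downgrade is intentional. The same three-line block is also duplicated under `if user is None:`; pulling the `self._isTop() and self._nobody.allowed(parent, roles)` check into one helper would keep the two branches from drifting (the spacing in `allowed(parent,roles)` already differs between them). A short comment explaining why the fallback is restricted to `self._isTop()` would help the next reader.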
