On Wednesday 16 November 2005 15:38, Jeff Shell wrote: > Am I denying the right person here? Globally, the permission is set up > as follows: > > {'permission': 'zope.View', > 'role': 'zope.Anonymous', > 'setting': PermissionSetting: Allow}, > > Should I Deny access to the zope.Anonymous role?
Yeah, you need to deny all permissions to anonymous. Note that then anonymous cannot see any pages whatsoever, which is probably what you want. > To the Everybody group? no, that's not necessary. > To the Unauthenticated Group? You could do that, if you like. > Right now, I only deny the principal: > > def denyUnauthenticated(self): > """ Explicitly deny the view permissions for unauthenticated users. > """ anybody = zapi.getUtility(IUnauthenticatedPrincipal).id > pmanager = IPrincipalPermissionManager(self.context) > for permission in self._view_permissions: > pmanager.denyPermissionToPrincipal(permission, anybody) mmh, that should work though. > The point of this simple 'sharing' interface is to let our customer > have a press folder that they can restrict access to by allowing only > limited people in to it. We're trying to keep the user interface as > simple as possible. Yep, that's a noble/good goal. :-) Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training _______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users