Dieter Maurer wrote:
> In Zope, each user has a set of roles.
> Any user has the "Anonymous" role. Log-in users may have
> additional roles.

I'm not convinced this is true...

Quoting from the LoginManager CHANGES.TXT file:
> Generic User Source, like the GenericUserFolder product it was inspired by,
> gave all users the Anonymous role. This seems to be incorrect according to 
> what other user folders do, including the standard Zope version, so GUS now 
> no longer does this.

...which is why Alan experiences this problem. I've also run into it
just using a normal acl_users folder and I've been mentioning every few
months since I bumped into it back in March. Here's my opriginal post:

I wish this could get sorted out as it makes security a nightmare unless
you use a web of local roles, which is painful and messy to maintain.

Is there any reason why every user shouldn't have the anonymous role for
every accessible page/object/thing visitable through a protocol?



Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to