> -----Original Message-----
> From: Chris McDonough [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 11, 2001 6:25 PM
> To: Ron Bickers; [EMAIL PROTECTED]
> Subject: Re: [Zope] hasRole bug or feature in 2.2.?
>
>
> You're gonna laugh. Get ready.
>
> You didn't protect the isMember document. It's viewable by
> Anonymous. The
> Zope security machinery short-circuits authentication for resources that
> don't require it. This means that when you view a resource that's
> unprotected, you view it "as Anonymous". Anonymous doesn't have
> the Member
> role, so you see "You are NOT a Member" when you view /isMember.
I'm not sure this makes sense. If I protect isMember, then anonymous won't
be able to determine if they're a member without being prompted to log in.
Isn't that true? That's not what I want.
Also, why does it behave differently after I view a protected document in
the root? isMember is still not protected, but it then correctly returns
that I have the Member role anywhere in the site.
_______________________
Ron Bickers
Logic Etc, Inc.
[EMAIL PROTECTED]
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
