> -----Original Message-----
> From: Chris McDonough [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 11, 2001 6:25 PM
> To: Ron Bickers; [EMAIL PROTECTED]
> Subject: Re: [Zope] hasRole bug or feature in 2.2.?
> You're gonna laugh.  Get ready.
> You didn't protect the isMember document.  It's viewable by
> Anonymous.  The
> Zope security machinery short-circuits authentication for resources that
> don't require it.  This means that when you view a resource that's
> unprotected, you view it "as Anonymous".  Anonymous doesn't have
> the Member
> role, so you see "You are NOT a Member" when you view /isMember.

I'm not sure this makes sense.  If I protect isMember, then anonymous won't
be able to determine if they're a member without being prompted to log in.
Isn't that true?  That's not what I want.

Also, why does it behave differently after I view a protected document in
the root?  isMember is still not protected, but it then correctly returns
that I have the Member role anywhere in the site.


Ron Bickers
Logic Etc, Inc.

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to