Florent Guillaume wrote: When doing user.getRoles(). Because as Tres said more clearly than me, every user can do what the Anonymous role can, so it's just being consistent to express that in user.getRoles(). IMHO.
Well yours is the only userfolder implementation that does.
While I agree in the security short circuiting code, I think having a getRoles return Anonymous and Authenticated at the same time is bizarre...
I understand it could be viewed that way. Anyway we haven't found any problem in doing this. I'll look if it can be removed safely.
OTOH Anonymous and Authenticated really shouldn't be roles but groups, and indeed in CPS we have special groups representing Anonymous and Authenticated. That makes things *much* more orthogonal, and local roles (local group roles actually) can be used with them to assign rights. But I digress.
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]