To Dennis: I use Zope 2.9.5 final. Is this version concern

2007/3/12, Dieter Maurer <[EMAIL PROTECTED]>:

Garito wrote at 2007-3-12 04:04 +0100:
> ...
>In my code I don't use nothing about security and nothing is changed on
>zmi's security tab
>But when I launch a method (Borrar if you remember) the user who launches
>the action is anonymous not the logged one

Your problem description is too terse to say something definite about
the real problem.

But, I can tell you that whether or not a user appears to be
anonymous or logged in only slightly depends on security settings.

The process is as follows:

  The url traversal determines the published object and
  the path to reach it. From the published object the roles are determined
  necessary to access it.
  Then a user folder is looked for that can authenticate a user
  from the current request with the required roles. This lookup
  proceeds in the reverse order than the url traversal.

  Thus, unless you have given your object unreasonable roles (usually
  you protect by a permission which is then mapped to a set of roles),
  the authenticated user primarily depends on the authentication
  information in the request.

In what kind the request contains authentication information
highly depends on the form of authentication you are using.
There are at least two widely used approaches: cookie based authentication
and HTTP (basic) authentication.

In the first case, the user will appear "anonymous" whenever
cookies are disabled.


Mis Cosas:
Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to