10 Nov 2002, 10:11 p.m.
Paul Tiemann writes:
I had the same experience, and after researching it a little, I found that if Zope is asked to perform an action (render a DTML method, call a Python script, etc.) and that action can be done by the 'Anonymous' role, then Zope doesn't even bother to look at the user's credentials, because it knows that the action is already allowed, no matter what other roles the user has.
In those cases, I believe Zope performs the action, passing in a generic anonymous user instead of passing in the actual credentials.

When the credentials are already there (and are valid), it will use them. But it will not ask for them if this is not the case.
Dieter