I still think he is wrong ;-) [Hi Jens!] Some excerpts from AccessControl/User.py: nobody=SpecialUser('Anonymous User','',('Anonymous',), []) class BasicUser(Implicit): def allowed(self, object, object_roles=None): """Check whether the user has access to object. The user must have one of the roles in object_roles to allow access.""" if object_roles is _what_not_even_god_should_do: return 0 # Short-circuit the common case of anonymous access. if object_roles is None or 'Anonymous' in object_roles: return 1 ... class SimpleUser(BasicUser): def getRoles(self): """Return the list of roles assigned to a user.""" if self.name == 'Anonymous User': return tuple(self.roles) else: return tuple(self.roles) + ('Authenticated',) AFAICS only nobody has role 'Anonymous', ever. And - looking at allowed - there does not seem to be any benefit in having the 'Anonymous' role, because the check for anonymous access is short-circuited and never reaches proper role comparison anyway... I've been writing some user folders lately, and what Jens observed never occured to me. I agree that the 'Anonymous' role must always be defined in the *system* or all kinds of breakage will occur (you should be able to see it in the 'Security' tab). I do however not see why it should be necessary to give 'Anonymous' to *users* other than nobody. I do also not see where this would be done in case it was. So, Jens, please show us the code ;-) Stefan --On Mittwoch, 06. August 2003 17:13 +0200 Jean Jordaan <jean@upfrontsystems.co.za> wrote:
I suspect that's a bug in LDAPUserFolder, I'd let the author know ;-)
So did I, and I did, but Jens is positive it's needed. From our mails:
""" Anonymous *must always be there* for Zope to work correctly. Taking it out leads to a lot of breakage all over. [...] That test is simply flawed. Test for "Authenticated" instead. There is nowhere where this can be found in the docs I believe, I found it by trial and error. """
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/