-----Original Message-----
From: Chris McDonough [mailto:chrism@digicool.com]
Sent: Thursday, January 11, 2001 6:25 PM
To: Ron Bickers; zope@zope.org
Subject: Re: [Zope] hasRole bug or feature in 2.2.?

You're gonna laugh. Get ready.
You didn't protect the isMember document. It's viewable by Anonymous. The Zope security machinery short-circuits authentication for resources that don't require it. This means that when you view a resource that's unprotected, you view it "as Anonymous". Anonymous doesn't have the Member role, so you see "You are NOT a Member" when you view /isMember.

I'm not sure this makes sense. If I protect isMember, then anonymous won't be able to determine if they're a member without being prompted to log in. Isn't that true? That's not what I want.

Also, why does it behave differently after I view a protected document in the root? isMember is still not protected, but it then correctly returns that I have the Member role anywhere in the site.

_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com