On Sunday 11 January 2004 02:42 pm, Jack Miller wrote:

Created a folder archtype, set perms on an instance of the folder archetype to allow anonymous users to "Add Portal Content", "Modify Portal Content", and "View" - figuring I would run it wide open and then tighten things down. These appear to be the only perms referenced in BaseObject.py and Schema.py. On my folder content archetype ("Volunteer"), I used the property write_permission=CMFCorePermissions.View, on all the fields, including overloading ID and Title. I've included it for inspection. These configurations produce the following behavior: I can get an edit form with all the fields on it, but when I click "Save" it asks for authentication.

The first thing I would try to do is look at the security tab in the root of your Plone instance. Take all of the permissions normally assigned to 'Member' (and perhaps to 'Owner' if that doesn't work) and assign them to anonymous. If that works, try removing the permissions that you feel are overkill one by one (my guess here is that anonymous needs 'List Folder Contents', but it really could be almost anything). If that doesn't work try installing the VerboseSecurity product, and erasing the CookieCrumbler 'cookie_authentication' instance's 'Auto-login page ID' field so that you can see the traceback and which permissions are needed. I hope that helps. Alec Mitchell