[Grok-dev] Unauthorized, but only on the upgraded Grok project (bug in 1.0b2?)
Jan-Wijbrand Kolman
janwijbrand at gmail.com
Tue Oct 6 06:25:16 EDT 2009
Sebastian Ware wrote:
> Problem solved with:
>
>> grok.require('zope.Public')
Right.
Let me try to explain:
* Generally a view that accepts login credentials can itself not require
authentication. The key would be stored in the safe otherwise.
* Starting with Grok 1.0b2 views that do not explicitly set a require,
will have the 'zope.View' permission requirement and not 'zope.Public'
anymore. It is important to realize that 'zope.View' really is a
permission, whereas 'zope.Public' is not a permission, but merely an
indicator to the zope security machinery that this view does not need
any checking of permissions at all.
Now, what I still do not really understand about this situation is that
you said you have added...
<grant permission="zope.View" principal="zope.Anybody" />
...to your project's site.zcml file. And this apparently still made the
Login view to require authentication. I wonder if the "grant" somehow
was not picked up by your project? Or if this "grant" is not enough
in certain situations?
This needs a bit of thinking and experimentation. If there's indeed a
bug in Grok or in the upgrade docs I'd really like to find it soonish...
regards,
jw