[Grok-dev] zope.Anybody versus zope.Everybody in grokproject?

Martijn Faassen faassen at startifact.com
Wed Jan 6 19:40:35 EST 2010


Hi there,

I'm too lazy to check grokproject myself, but I just read this:

"""
In etc/site.zcml.in, replace:

<grant permission="zope.View"
        principal="zope.Anybody" />
<grant permission="zope.app.dublincore.view"
        principal="zope.Anybody" />

by:

<grant
     permission="zope.View"
     principal="zope.Everybody" />
<grant
     permission="dolmen.content.View"
     principal="zope.Everybody" />
<grant
     permission="zope.app.dublincore.view"
     principal="zope.Everybody" />


Be careful:

* zope.Anybody applies to unauthenticated users only.
* zope.Everybody applies to both unauthenticated and authenticated users.
"""

This sounds like something we should fix like this in grokproject.

I thought there was a fix in grokproject already to add an extra view 
permission to "zope.Authenticated", but using zope.Everybody sounds like 
a cleaner fix. In addition it appears our fix was incomplete for 
zope.app.dublincore.view?

regards,

Martijn



More information about the Grok-dev mailing list