[Grok-dev] zope.Anybody versus zope.Everybody in grokproject?
Vincent Fretin
vincent.fretin at gmail.com
Thu Jan 7 06:27:59 EST 2010
Hi,
Well, Souheil told me this, so I wrote that.
I didn't verify it, I've just tested with a simple view:
class MyView(grok.View):
grok.context(Interface)
grok.require("zope.View")
def render(self):
return "coucou"
With
<grant permission="zope.View"
principal="zope.Anybody" />
or
<grant permission="zope.View"
principal="zope.Everybody" />
I get access to the view as unauthenticated or authenticated member
(with a PAU).
Is it normal? Souheil?
I don't know how unauthenticatedGroup, authenticatedGroup,
everybodyGroup zcml directives work internally.
regards
Vincent
On Thu, Jan 7, 2010 at 1:40 AM, Martijn Faassen <faassen at startifact.com> wrote:
> Hi there,
>
> I'm too lazy to check grokproject myself, but I just read this:
>
> """
> In etc/site.zcml.in, replace:
>
> <grant permission="zope.View"
> principal="zope.Anybody" />
> <grant permission="zope.app.dublincore.view"
> principal="zope.Anybody" />
>
> by:
>
> <grant
> permission="zope.View"
> principal="zope.Everybody" />
> <grant
> permission="dolmen.content.View"
> principal="zope.Everybody" />
> <grant
> permission="zope.app.dublincore.view"
> principal="zope.Everybody" />
>
>
> Be careful:
>
> * zope.Anybody applies to unauthenticated users only.
> * zope.Everybody applies to both unauthenticated and authenticated users.
> """
>
> This sounds like something we should fix like this in grokproject.
>
> I thought there was a fix in grokproject already to add an extra view
> permission to "zope.Authenticated", but using zope.Everybody sounds like
> a cleaner fix. In addition it appears our fix was incomplete for
> zope.app.dublincore.view?
>
> regards,
>
> Martijn
>
> _______________________________________________
> Grok-dev mailing list
> Grok-dev at zope.org
> https://mail.zope.org/mailman/listinfo/grok-dev
>
More information about the Grok-dev
mailing list