[Grok-dev] zope.Anybody versus zope.Everybody in grokproject?
Vincent Fretin
vincent.fretin at gmail.com
Thu Jan 7 12:34:28 EST 2010
The issue appears only with a dolmen site with a PAU.
With plain grok and only ZCML to define security. All seems to works fine.
I tested the following:
With Python2.4 grokproject 1.0 / Grok 1.0
grokproject sampleproject
bin/paster serve parts/etc/debug.ini
create a demo application
in app.py:
from zope.interface import Interface
class MyView(grok.View):
grok.context(Interface)
grok.require("zope.View")
def render(self):
return "coucou"
in site.zcml.in:
<grant permission="zope.View"
principal="zope.Anybody" />
<!-- <grantAll role="zope.Manager" />-->
bin/buildout
bin/paster serve parts/etc/debug.ini
http://localhost:8080/demo/@@myview
non authenticated see "coucou"
authenticated as admin: unauthorized to see the view.
now if you change to:
<grant permission="zope.View"
principal="zope.Everybody" />
<!-- <grantAll role="zope.Manager" />-->
bin/buildout
bin/paster serve parts/etc/debug.ini
the authenticated admin user can see the view.
All is good.
Now the same thing with
Python2.6/grokproject 1.0/Grok 1.1a2
grokproject --grokversion=1.1a2 sampleproject2
It works as expected.
So the fix Uli made on grokproject is ok.
There is an issue with dolmen PAU somewhere...
More information about the Grok-dev
mailing list