[Zope] strange line in BaseRequest.py

Ingo Assenmacher ingo.assenmacher@post.rwth-aachen.de
Tue, 08 Feb 2000 12:02:45 +0100 (MET)


Hi!

I am using Zope 2.1.2/Linux ix86.


Now there is a line in $PYTHONDIR/lib/python/ZPublisher/BaseRequest.py which
does riddle me:

if user is None and roles != UNSPECIFIED_ROLES:
        response.unauthorized()

(line 441/442).

I ran into this one because I set up one folder to be an internal uploading
folder which should generally not be accessible from anonymous users.
So I added users to the acl_user folder, gave them a write_role and set up
permissions correctly. Everything worked so far. The write_role was globally
declared within the root-folder, the users were declared locally within the
folder which was designed to be used for uploads (not above).

I entered the (anonymously viewable) site and changed to the private folder;
I was asked for uname and pwd and got access to the private folder. Ok.
But then I wanted to go to the public area again... which raised the
"unauthorised" response at the above lines. 
I figured that declaring the users on the level of the anonymously viewable
pages and passing the write_role to these users locally within the upload
folder settled my problem, since they were not "None" anymore within traverse.

BUT: are these lines no mistake? How can a user which is None have roles?
The manual states that any user implicitly has the "anonymous role"... which he
has not, according to the lines above.

(Please: I did NOT study traverse() very hard, so please excuse this, maybe,
dumb question). 

Regards, Ingo

------------------------------------------