[Zope] Every user should have the Anonymous role everywhere (was :Re: [Zope]
Authentication, Anonymous and Public)
Chris Withers
chrisw@nipltd.com
Sat, 01 Jul 2000 11:47:40 +0100
Dieter Maurer wrote:
> In Zope, each user has a set of roles.
> Any user has the "Anonymous" role. Log-in users may have
> additional roles.
I'm not convinced this is true...
Quoting from the LoginManager CHANGES.TXT file:
> Generic User Source, like the GenericUserFolder product it was inspired by,
> gave all users the Anonymous role. This seems to be incorrect according to
> what other user folders do, including the standard Zope version, so GUS now
> no longer does this.
...which is why Alan experiences this problem. I've also run into it
just using a normal acl_users folder and I've been mentioning it every few
months since I bumped into it back in March. Here's my original post:
http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE
I wish this could get sorted out as it makes security a nightmare unless
you use a web of local roles, which is painful and messy to maintain.
Is there any reason why every user shouldn't have the anonymous role for
every accessible page/object/thing visitable through a protocol?
cheers,
Chris
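
The lockout discussed in this message, as an added example that is not part of the original post and is not Zope or LoginManager code: a simplified model of role checks with acquired permissions and local roles, listing the objects an anonymous visitor can view but a logged-in user cannot. `Node`, `roles_allowed`, `effective_roles`, `lockouts` and the sample tree and users are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    path: str
    parent: Optional["Node"] = None
    perms: dict = field(default_factory=dict)        # permission -> roles; absent = acquire
    local_roles: dict = field(default_factory=dict)  # user id -> roles here and below

def roles_allowed(node, perm):
    """Walk up the containment chain to the nearest explicit setting."""
    while node is not None:
        if perm in node.perms:
            return set(node.perms[perm])
        node = node.parent
    return set()

def effective_roles(uid, global_roles, node, implicit_anonymous):
    """Global roles plus local roles from this node and its containers."""
    roles = set(global_roles)
    if implicit_anonymous:          # the behaviour the message argues for
        roles.add("Anonymous")
    while node is not None:
        roles |= set(node.local_roles.get(uid, ()))
        node = node.parent
    return roles

def lockouts(nodes, users, implicit_anonymous, perm="View"):
    """(user, path) pairs where an anonymous visitor passes but the logged-in user fails."""
    found = []
    for node in nodes:
        allowed = roles_allowed(node, perm)
        if "Anonymous" not in allowed:
            continue                # not public, so no anonymous/logged-in mismatch
        for uid, global_roles in users.items():
            if not effective_roles(uid, global_roles, node, implicit_anonymous) & allowed:
                found.append((uid, node.path))
    return found

# Constructed sample tree and users (assumptions for illustration only).
root = Node("/", perms={"View": {"Anonymous", "Manager"}})
news = Node("/news", parent=root)                                        # acquires View
docs = Node("/docs", parent=root, local_roles={"alice": {"Anonymous"}})  # local-role patch
members = Node("/members", parent=root, perms={"View": {"Member"}})
TREE = [root, news, docs, members]
USERS = {"alice": {"Member"}, "bob": {"Manager"}}

if __name__ == "__main__":
    print(lockouts(TREE, USERS, implicit_anonymous=False))
    print(lockouts(TREE, USERS, implicit_anonymous=True))
```

In this model the `/docs` local role is the kind of per-object patch the message calls painful to maintain; every other public object still needs its own.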