[Zope] Re: Every user should have the Anonymous role everywhere (was
:Re: [Zope] Authentication, Anonymous and Public)
Chris Withers
chrisw@nipltd.com
Mon, 03 Jul 2000 10:25:41 +0100
Dieter Maurer wrote:
> > > In Zope, each user has a set of roles.
> > > Any user has the "Anonymous" role. Log-in users may have
> > > additional roles.
> >
> > I'm not convinced this is true...
> The Content Manager Guide (Security, Authorization) states it
> this way:
>
> The "Anonymous" role, which all users have implicitly, ....
...and check out the last time the Content Manager's Guide was updated
;-)
Seriously, though, I think this SHOULD be true, although I'm pretty sure
it isn't.
> This is natural, too.
> Why should a registered user have
> less authorization than an anonymous one.
Or, to put it another way, just because an acl_users folder doesn't know
anything about a user, why should that user not have the anonymous role?
> Thus, two reasons to change the Zope authorization, such
> that each user has implicitely the "Anonymous" role,
> if this is not the case now.
I totally agree :-)
Chris