[Zope] hasRole bug or feature in 2.2.?
Ron Bickers
rbickers@logicetc.com
Thu, 11 Jan 2001 18:25:07 -0500
> -----Original Message-----
> From: Chris McDonough [mailto:chrism@digicool.com]
> Sent: Thursday, January 11, 2001 6:25 PM
> To: Ron Bickers; zope@zope.org
> Subject: Re: [Zope] hasRole bug or feature in 2.2.?
>
>
> You're gonna laugh. Get ready.
>
> You didn't protect the isMember document. It's viewable by Anonymous. The
> Zope security machinery short-circuits authentication for resources that
> don't require it. This means that when you view a resource that's
> unprotected, you view it "as Anonymous". Anonymous doesn't have the Member
> role, so you see "You are NOT a Member" when you view /isMember.

I'm not sure this makes sense. If I protect isMember, then anonymous won't
be able to determine if they're a member without being prompted to log in.
Isn't that true? That's not what I want.

Also, why does it behave differently after I view a protected document in
the root? isMember is still not protected, but it then correctly returns
that I have the Member role anywhere in the site.

_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com