[Zope] Re: [Archetypes-devel] Anonymous users creating/modifying
Archetypes site content
Alec Mitchell
apm13 at columbia.edu
Sun Jan 11 18:01:14 EST 2004
On Sunday 11 January 2004 02:42 pm, Jack Miller wrote:
> Created a folder archtype, set perms on an instance of the folder archetype
> to allow anonymous users to "Add Portal Content", "Modify Portal Content",
> and "View" - figuring I would run it wide open and then tighten things
> down. These appear to be the only perms referenced in BaseObject.py and
> Schema.py. On my folder content archetype ("Volunteer"), I used the
> property
> write_permission=CMFCorePermissions.View, on all the fields, including
> overloading ID and Title. I've included it for inspection. These
> configurations produce the following behavior: I can get an edit form with
> all the fields on it, but when I click "Save" it asks for authentication.
The first thing I would try to do is look at the security tab in the root of
your Plone instance. Take all of the permissions normally assigned to
'Member' (and perhaps to 'Owner' if that doesn't work) and assign them to
anonymous. If that works, try removing the permissions that you feel are
overkill one by one (my guess here is that anonymous needs 'List Folder
Contents', but it really could be almost anything). If that doesn't work try
installing the VerboseSecurity product, and erasing the CookieCrumbler
'cookie_authentication' instance's 'Auto-login page ID' field so that you can
see the traceback and which permissions are needed. I hope that helps.
Alec Mitchell
More information about the Zope
mailing list