[Zope] role, user defined roles, and inclusion
Florent Guillaume
fg at nuxeo.com
Mon Apr 4 09:04:54 EDT 2005
Chris Withers wrote:
> Florent Guillaume wrote:
>> When doing user.getRoles(). Because as Tres said more clearly than me,
>> every user can do what the Anonymous role can, so it's just being
>> consistent to express that in user.getRoles(). IMHO.
>
> Well yours is the only userfolder implementation that does.
>
> While I agree in the security short circuiting code, I think having a
> getRoles return Anonymous and Authenticated at the same time is bizarre...

I understand it could be viewed that way. Anyway we haven't found any
problem in doing this. I'll look if it can be removed safely.

OTOH Anonymous and Authenticated really shouldn't be roles but groups,
and indeed in CPS we have special groups representing Anonymous and
Authenticated. That makes things *much* more orthogonal, and local roles
(local group roles actually) can be used with them to assign rights. But
I digress.

Florent

--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg at nuxeo.com