[Zope] role, user defined roles, and inclusion
Chris Withers
chris at simplistix.co.uk
Wed Mar 30 02:31:13 EST 2005
Hi Dennis,
Dennis Allison wrote:
> Are the standard roles (anonymous, authorized_user, manager) inclusive?
> By inclusive I mean that an authorized_user is also treated as an
> anonymous_user and that a manager is also anonymous and an
> authorized_user.
Anonymous and Authenticated are two special roles.
A user will have the Anonymous role iff they have not supplied any
authentication credentials.
A user will have the Authenticated role iff they HAVE supplied
authentication credentials.
A user will never have Authenticated and Anonymous roles at the same time.
For all other roles, the user has those roles or not. Having or not
having a role has no effect on having or not having any other role.
The permissions a user has is the logical OR of all the permissions
mapped to all the roles the user has.
eg:
Anonymous Authenticated Manager Wizard
BeAnon x
View x x x
Change x
Delete x
Magik x
So, the anonymous user can view things, and is the only user who can BeAnon
A manager can View and Delete things, they can also Change things by way
of their being authenticated.
A person with only the Wizard role will be able to do Magik as well as
change and view things by way of being authenticated.
A user with Manager and Wizard roles will be able to view, change,
delete and do magik, but even that magik won't allow them to BeAnon ;-)
HTH,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list