[Zope3-dev] Re: Zope security policy
Philipp von Weitershausen
philipp at weitershausen.de
Thu Mar 10 11:09:55 EST 2005
Garrett Smith wrote:
> Our app needs to not grant anonymous view access. It's not clear to me
> how I can do this without:
>
> - Duplicating the entire contents of z/a/securitypolicy/configure.zcml
> in our site.zcml (sans the anonymous grants)
>
> - Physically changing z/a/securitypolicy.zcml on installation
>
> The note in configure.zcml implies that we choose the latter, but that's
> bad.
Yes, it seems to imply that and yes, it's bad.
> Unless there's an existing solution, I propose that we move the
> anonymous grants into securitypolicy.zcml and leave
> z/a/securitypolicy/configure.zcml strictly for setting up components
> for the package.
That would make a lot of sense, I think, since we already have a
securitypolicy.zcml anyway. I guess you're talking about these
directives, which definitely are instance-matters:

  <role id="zope.Anonymous" title="Everybody"
        description="All users have this role implicitly" />
  <role id="zope.Manager" title="Site Manager" />
  <role id="zope.Member" title="Site Member" />

  <!-- Replace the following directive if you don't want public access -->
  <grant permission="zope.View"
         role="zope.Anonymous" />
  <grant permission="zope.app.dublincore.view"
         role="zope.Anonymous" />

  <grantAll role="zope.Manager" />
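
Added example (not part of the original message and not Zope's own code): a Python check that lists every permission a ZCML file grants to the zope.Anonymous role, useful for confirming that an instance's configuration no longer carries the anonymous grants discussed above. The <configure> wrapper around the quoted directives and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANONYMOUS_ROLE = "zope.Anonymous"  # role id from the directives quoted above

# Constructed sample: the quoted directives wrapped in an assumed <configure>.
SAMPLE_ZCML = """\
<configure xmlns="http://namespaces.zope.org/zope">
  <role id="zope.Anonymous" title="Everybody"
        description="All users have this role implicitly" />
  <role id="zope.Manager" title="Site Manager" />
  <role id="zope.Member" title="Site Member" />
  <!-- Replace the following directive if you don't want public access -->
  <grant permission="zope.View" role="zope.Anonymous" />
  <grant permission="zope.app.dublincore.view" role="zope.Anonymous" />
  <grantAll role="zope.Manager" />
</configure>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def anonymous_grants(zcml_text, role=ANONYMOUS_ROLE):
    """Return (directive, permission) pairs that give `role` access.

    A <grantAll> for the role is reported with permission '*'.
    """
    findings = []
    for elem in ET.fromstring(zcml_text).iter():
        if elem.get("role") != role:
            continue  # <role> definitions and other roles' grants are ignored
        name = local_name(elem.tag)
        if name == "grant":
            findings.append((name, elem.get("permission")))
        elif name == "grantAll":
            findings.append((name, "*"))
    return findings


if __name__ == "__main__":
    for directive, permission in anonymous_grants(SAMPLE_ZCML):
        print(f"{directive}: {permission} -> {ANONYMOUS_ROLE}")
```

An empty result for a given file means that file grants nothing to zope.Anonymous; files pulled in through include directives are not followed and have to be checked separately.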