[Zope3-Users] Denying permissions for 'everybody' - which principals to use?
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Dec 13 14:51:24 EST 2005
On Wednesday 16 November 2005 15:38, Jeff Shell wrote:
> Am I denying the right person here? Globally, the permission is set up
> as follows:
>
> {'permission': 'zope.View',
> 'role': 'zope.Anonymous',
> 'setting': PermissionSetting: Allow},
>
> Should I Deny access to the zope.Anonymous role?
Yeah, you need to deny all permissions to anonymous. Note that then anonymous
cannot see any pages whatsoever, which is probably what you want.
> To the Everybody group?
No, that's not necessary.
> To the Unauthenticated Group?
You could do that, if you like.
> Right now, I only deny the principal:
>
> def denyUnauthenticated(self):
>     """ Explicitly deny the view permissions for unauthenticated users.
>     """
>     anybody = zapi.getUtility(IUnauthenticatedPrincipal).id
>     pmanager = IPrincipalPermissionManager(self.context)
>     for permission in self._view_permissions:
>         pmanager.denyPermissionToPrincipal(permission, anybody)
Mmh, that should work though.
> The point of this simple 'sharing' interface is to let our customer
> have a press folder that they can restrict access to by allowing only
> limited people into it. We're trying to keep the user interface as
> simple as possible.
Yep, that's a noble/good goal. :-)
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
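
Added example, not part of the original message and not Zope's own code: a simplified pure-Python model of permission lookup that contrasts a principal-level Deny on the folder (the approach in the quoted method) with a role-level Deny on zope.Anonymous. It assumes the nearest setting in the containment chain wins and that principal and group settings take precedence over role grants; `Node`, `check`, `build` and the principal ids `anybody` and `alice` are constructed for illustration.

```python
from enum import Enum

class Setting(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    UNSET = "Unset"

class Node:
    """Constructed stand-in for an object carrying local security settings."""
    def __init__(self, parent=None):
        self.parent = parent
        self.principal_perm = {}  # (permission, principal id) -> Setting
        self.role_perm = {}       # (permission, role id) -> Setting

def nearest(node, table, key):
    """Return the closest explicit setting, walking from node up to the root."""
    while node is not None:
        setting = getattr(node, table).get(key, Setting.UNSET)
        if setting is not Setting.UNSET:
            return setting
        node = node.parent
    return Setting.UNSET

def check(node, permission, principal, roles=(), groups=()):
    """Model assumption: principal (then group) settings beat role grants."""
    for pid in (principal, *groups):
        setting = nearest(node, "principal_perm", (permission, pid))
        if setting is not Setting.UNSET:
            return setting is Setting.ALLOW
    # No principal or group setting: fall back to the roles the caller holds.
    return any(nearest(node, "role_perm", (permission, role)) is Setting.ALLOW
               for role in roles)

def build(deny_role):
    """Root allows zope.View to zope.Anonymous, as quoted in the message; the
    press folder adds either a role-level or a principal-level Deny."""
    root = Node()
    root.role_perm[("zope.View", "zope.Anonymous")] = Setting.ALLOW
    press = Node(parent=root)
    if deny_role:
        press.role_perm[("zope.View", "zope.Anonymous")] = Setting.DENY
    else:
        press.principal_perm[("zope.View", "anybody")] = Setting.DENY
    return root, press
```

In this model the principal-level Deny blocks only `anybody`, while the role-level Deny blocks every principal that reaches zope.View through zope.Anonymous until that principal is given an explicit Allow on the folder.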