To Dennis: I use Zope 2.9.5 final. Is this version concern<br><br><div><span class="gmail_quote">2007/3/12, Dieter Maurer <<a href="mailto:dieter@handshake.de">dieter@handshake.de</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Garito wrote at 2007-3-12 04:04 +0100:<br>> ...<br>>In my code I don't use nothing about security and nothing is changed on<br>>zmi's security tab<br>><br>>But when I launch a method (Borrar if you remember) the user who launches
<br>>the action is anonymous not the logged one<br><br>Your problem description is too terse to say something definite about<br>the real problem.<br><br>But, I can tell you that whether or not a user appears to be<br>anonymous or logged in only slightly depends on security settings.
<br><br>The process is as follows:<br><br> The url traversal determines the published object and<br> the path to reach it. From the published object the roles are determined<br> necessary to access it.<br> Then a user folder is looked for that can authenticate a user
<br> from the current request with the required roles. This lookup<br> proceeds in the reverse order than the url traversal.<br><br> Thus, unless you have given your object unreasonable roles (usually<br> you protect by a permission which is then mapped to a set of roles),
<br> the authenticated user primarily depends on the authentication<br> information in the request.<br><br>In what kind the request contains authentication information<br>highly depends on the form of authentication you are using.
<br>There are at least two widely used approaches: cookie based authentication<br>and HTTP (basic) authentication.<br><br>In the first case, the user will appear "anonymous" whenever<br>cookies are disabled.<br>
<br><br><br>--<br>Dieter<br></blockquote></div><br><br clear="all"><br>-- <br>Mis Cosas: <a href="http://blogs.sistes.net/Garito">http://blogs.sistes.net/Garito</a>