[Grok-dev] Re: Protecting views to allow anonymous access only

Philipp von Weitershausen philipp at weitershausen.de
Thu Jul 31 06:37:30 EDT 2008

El 31 Jul 2008, a las 12:26 , Dennis Noordsij escribió:
> You could do the following:
> In buildout.cfg,
> <unauthenticatedPrincipal id="zope.anybody"
>          title="Anonymous user" />
> <grant permission="mysite.Anonymous" principal="zope.anybody" />
> Then you can protect a view with mysite.Anonymous and only not- 
> logged-in
> users can access it.
> (I use it to add a "login", "register", etc viewlet to the default  
> layout).
> Or am I missing the problem?

I suppose that would work, if you only assign the permission to the  
anonymous *principal*. Because zope.securitypolicy implicitly assigns  
the anonymous *role* to anybody.

However, there's still one caveat. Manager roles, in other words,  
roles that were granted everything using <grantAll /> literally can do  
*everything*, without having any permission granted explicitly. So the  
above trick would allow the anonymous principal to carry out the task  
and nobody else except "managers" (for the lack of a better word).  
Managers would still be able to access the component no matter what.

More information about the Grok-dev mailing list