[Grok-dev] Re: Protecting views to allow anonymous access only
Philipp von Weitershausen
philipp at weitershausen.de
Thu Jul 31 06:37:30 EDT 2008
On 31 Jul 2008, at 12:26, Dennis Noordsij wrote:
> You could do the following:
> In buildout.cfg,
> <unauthenticatedPrincipal id="zope.anybody"
> title="Anonymous user" />
> <grant permission="mysite.Anonymous" principal="zope.anybody" />
> Then you can protect a view with mysite.Anonymous and only not-
> users can access it.
> (I use it to add a "login", "register", etc viewlet to the default
> Or am I missing the problem?
I suppose that would work, if you only assign the permission to the
anonymous *principal*, because zope.securitypolicy implicitly assigns
the anonymous *role* to anybody.

However, there's still one caveat. Manager roles, in other words,
roles that were granted everything using <grantAll />, literally can do
*everything*, without having any permission granted explicitly. So the
above trick would allow the anonymous principal to carry out the task
and nobody else except "managers" (for the lack of a better word).
Managers would still be able to access the component no matter what.
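
The access decision described in this message, as an added example that is not part of the original post and is not zope.securitypolicy code: a simplified Python model of the three rules named above (grant to the principal, the implicit anonymous role, and <grantAll />). The principals "alice" and "admin" and the role ids "mysite.Member" and "zope.Manager" are constructed for illustration, and deny settings are not modelled.

```python
# Simplified model of the access decision discussed in this thread.
# It is NOT zope.securitypolicy code; it only mirrors the rules named above.

ANON_PRINCIPAL = "zope.anybody"   # principal id from the quoted ZCML
ANON_ROLE = "zope.Anonymous"      # role the policy gives to every principal
PERMISSION = "mysite.Anonymous"   # permission name from the quoted ZCML


class Policy:
    def __init__(self):
        self.principal_grants = set()   # (permission, principal id)
        self.role_grants = set()        # (permission, role id)
        self.grant_all_roles = set()    # roles configured with <grantAll />
        self.principal_roles = {}       # principal id -> explicitly assigned roles

    def roles_of(self, principal):
        # Everybody, logged in or not, implicitly holds the anonymous role.
        return {ANON_ROLE} | self.principal_roles.get(principal, set())

    def check(self, permission, principal):
        if (permission, principal) in self.principal_grants:
            return True
        roles = self.roles_of(principal)
        if roles & self.grant_all_roles:
            return True                 # grantAll: no explicit grant needed
        return any((permission, r) in self.role_grants for r in roles)


def build(grant_to):
    """Grant PERMISSION either to the anonymous 'principal' or to the 'role'."""
    p = Policy()
    # Constructed sample users: one ordinary member, one manager.
    p.principal_roles = {"alice": {"mysite.Member"}, "admin": {"zope.Manager"}}
    p.grant_all_roles = {"zope.Manager"}
    if grant_to == "principal":
        p.principal_grants.add((PERMISSION, ANON_PRINCIPAL))
    else:
        p.role_grants.add((PERMISSION, ANON_ROLE))
    return p


def who_can_access(grant_to):
    policy = build(grant_to)
    users = [ANON_PRINCIPAL, "alice", "admin"]
    return [u for u in users if policy.check(PERMISSION, u)]


if __name__ == "__main__":
    print("granted to principal:", who_can_access("principal"))
    print("granted to role:     ", who_can_access("role"))
```
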