[Zope-dev] User objects on 2.2

Chris Withers chrisw@nipltd.com
Wed, 20 Sep 2000 15:51:35 +0100


Lalo Martins wrote:
> (So, to allow Anonymous to call has_permission on itself you
> have to enable "Access content information" for Anonymous on
> /acl_users)

Hmmm, it might be safer to give Anonymous access to something liek a
DTML method which does the work and calls has_permission and give this
menthod a proxy role of manager or something. Giving Anonymous the
"Access content information" probably opens up more than you intended.

cheers,

Chris