[Zope] Re: Every user should have the Anonymous role everywhere (was :Re: [Zope] Authentication, Anonymous and Public)

Chris Withers chrisw@nipltd.com
Mon, 03 Jul 2000 10:25:41 +0100


Dieter Maurer wrote:
>  > > In Zope, each user has a set of roles.
>  > > Any user has the "Anonymous" role. Log-in users may have
>  > > additional roles.
>  >
>  > I'm not convinced this is true...

> The Content Manager Guide (Security, Authorization) states it
> this way:
> 
>   The "Anonymous" role, which all users have implicitly, ....

...and check out the last time the Content Manager's Guide was updated
;-)

Seriously, though, I think this SHOULD be true, although I'm pretty sure
it isn't.

> This is natural, too.
> Why should a registered user have
> less authorization than an anonymous one?

Or, to put it another way, just because an acl_users folder doesn't know
anything about a user, why should that user not have the anonymous role?

> Thus, two reasons to change the Zope authorization, such
> that each user has implicitly the "Anonymous" role,
> if this is not the case now.

I totally agree :-)

Chris