[Zope] Re: [Archetypes-devel] Anonymous users creating/modifying Archetypes site content

Alec Mitchell apm13 at columbia.edu
Sun Jan 11 18:01:14 EST 2004


On Sunday 11 January 2004 02:42 pm, Jack Miller wrote:
> Created a folder archtype, set perms on an instance of the folder archetype
> to allow anonymous users to "Add Portal Content", "Modify Portal Content",
> and "View" - figuring I would run it wide open and then tighten things
> down. These appear to be the only perms referenced in BaseObject.py and
> Schema.py. On my folder content archetype ("Volunteer"), I used the
> property
> write_permission=CMFCorePermissions.View, on all the fields, including
> overloading ID and Title.  I've included it for inspection.  These
> configurations produce the following behavior: I can get an edit form with
> all the fields on it, but when I click "Save" it asks for authentication.

The first thing I would try to do is look at the security tab in the root of 
your Plone instance.  Take all of the permissions normally assigned to 
'Member' (and perhaps to 'Owner' if that doesn't work) and assign them to 
anonymous.  If that works, try removing the permissions that you feel are 
overkill one by one (my guess here is that anonymous needs 'List Folder 
Contents', but it really could be almost anything).  If that doesn't work try 
installing the VerboseSecurity product, and erasing the CookieCrumbler 
'cookie_authentication' instance's 'Auto-login page ID' field so that you can 
see the traceback and which permissions are needed.  I hope that helps.

Alec Mitchell




More information about the Zope mailing list