[Zope] role, user defined roles, and inclusion

Florent Guillaume fg at nuxeo.com
Mon Apr 4 09:04:54 EDT 2005


Chris Withers wrote:
> Florent Guillaume wrote:
>> When doing user.getRoles(). Because as Tres said more clearly than me,
>> every user can do what the Anonymous role can, so it's just being
>> consistent to express that in user.getRoles(). IMHO.
> 
> Well yours is the only userfolder implementation that does.
> 
> While I agree in the security short circuiting code, I think having a 
> getRoles return Anonymous and Authenticated at the same time is bizarre...

I understand it could be viewed that way. Anyway we haven't found any 
problem in doing this. I'll look if it can be removed safely.

OTOH Anonymous and Authenticated really shouldn't be roles but groups, 
and indeed in CPS we have special groups representing Anonymous and 
Authenticated. That makes things *much* more orthogonal, and local roles 
(local group roles actually) can be used with them to assign rights. But 
I digress.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com
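
The group-based model described in the message above, as an added sketch that is not part of the original post and is not Zope or CPS code: Anonymous and Authenticated are implicit groups, rights come from local roles assigned to those groups, and get_roles() carries no pseudo-roles. All class, function, role and permission names here are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Simplified model for illustration; names are assumptions, not the Zope/CPS API.
ANONYMOUS_GROUP = "group:Anonymous"          # every principal, logged in or not
AUTHENTICATED_GROUP = "group:Authenticated"  # every logged-in principal


@dataclass(frozen=True)
class User:
    name: Optional[str]              # None means the request is not logged in
    roles: frozenset = frozenset()   # roles granted globally to this user
    groups: frozenset = frozenset()  # explicit group memberships

    def get_roles(self):
        """Only roles actually granted; no Anonymous/Authenticated entries."""
        return set(self.roles)

    def get_groups(self):
        """Explicit groups plus the implicit special groups."""
        implicit = {ANONYMOUS_GROUP}
        if self.name is not None:
            implicit.add(AUTHENTICATED_GROUP)
        return set(self.groups) | implicit


@dataclass
class Folder:
    permissions: dict                                # permission -> granting roles
    local_roles: dict = field(default_factory=dict)  # user or group -> roles here

    def roles_for(self, user):
        roles = user.get_roles()
        if user.name is not None:
            roles |= self.local_roles.get("user:" + user.name, set())
        for group in user.get_groups():              # local group roles
            roles |= self.local_roles.get(group, set())
        return roles

    def allows(self, user, permission):
        return bool(self.roles_for(user) & self.permissions.get(permission, set()))


def demo_folder():
    """Constructed sample: anyone may view, only logged-in users may comment."""
    return Folder(
        permissions={"View": {"Reader"}, "Add comment": {"Commenter"}},
        local_roles={ANONYMOUS_GROUP: {"Reader"}, AUTHENTICATED_GROUP: {"Commenter"}},
    )
```

Because every user is a member of the Anonymous group, anything granted to it is available to logged-in users without listing Anonymous among their roles.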

