[Zope] Re: [Zope3-dev] a note on groups and roles
Lennart Regebro
lennart@torped.se
Mon, 25 Mar 2002 16:57:56 +0100
From: "Jim Fulton" <jim@zope.com>
> - For sites that need fine-grained permissions, we'll provide a mechanism
> for grouping permissions in the UI. See for example:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/GroupingPer
missions
Aha, I hadn't seen that one before. It looks fine. Have you decided how the
permissions should be grouped? I couldn't find anything on that in the
proposal.
And thanks for the link to the SecurityArchitecture text. I looked for it
under Proposals and couldn't find it. I was thinking I had hallucinated when
I had read it before. :-)
> [Anonymous] is a group that includes all other principals.
I don't agree. When you have logge din, you are a principial. What are you
when you are not logged in? Even if the group Anonymous includes all
principials, a not-logged-in user would not have a principial and therefore
not be a part of anonymous either.
And btw, it would it make it impossible for a logged in user to have less
permissions than an anonymous user. But I guess that is a rather obscure
need, but still. :-)
> Perhaps [Authenticated] should be viewed as a group that all principals
> with any credentials are in.
Well, unless Anonymous is a pricnipial, all principials will have
credentials, right? :-) But with Anonymous as a special principal
Authenticated could be a group that includes all principials, except
Anonymous.