[Zope3-Users] Denying permissions for 'everybody' - which principals to use?

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Dec 13 14:51:24 EST 2005

On Wednesday 16 November 2005 15:38, Jeff Shell wrote:
> Am I denying the right person here? Globally, the permission is set up
> as follows:
>                        {'permission': 'zope.View',
>                         'role': 'zope.Anonymous',
>                         'setting': PermissionSetting: Allow},
> Should I Deny access to the zope.Anonymous role?

Yeah, you need to deny all permissions to anonymous. Note that then anonymous 
cannot see any pages whatsoever, which is probably what you want.

> To the Everybody group?

no, that's not necessary.

> To the Unauthenticated Group?

You could do that, if you like.

> Right now, I only deny the  principal:
>     def denyUnauthenticated(self):
>         """ Explicitly deny the view permissions for unauthenticated users.
> """ anybody = zapi.getUtility(IUnauthenticatedPrincipal).id
>         pmanager = IPrincipalPermissionManager(self.context)
>         for permission in self._view_permissions:
>             pmanager.denyPermissionToPrincipal(permission, anybody)

mmh, that should work though.

> The point of this simple 'sharing' interface is to let our customer
> have a press folder that they can restrict access to by allowing only
> limited people in to it. We're trying to keep the user interface as
> simple as possible.

Yep, that's a noble/good goal. :-)

Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training

More information about the Zope3-users mailing list