Dieter Maurer wrote:
> > > In Zope, each user has a set of roles.
> > > Any user has the "Anonymous" role. Log-in users may have
> > > additional roles.
> >
> > I'm not convinced this is true...
> The Content Manager Guide (Security, Authorization) states it
> this way:
>
> The "Anonymous" role, which all users have implicitly, ....
...and check out the last time the Content Manager's Guide was updated
;-)
Seriously, though, I think this SHOULD be true, although I'm pretty sure
it isn't.
> This is natural, too.
> Why should a registered user have
> less authorization than an anonymous one.
Or, to put it another way, just because an acl_users folder doesn't know
anything about a user, why should that user not have the anonymous role?
> Thus, two reasons to change the Zope authorization, such
> that each user has implicitely the "Anonymous" role,
> if this is not the case now.
I totally agree :-)
Chris
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )