Garito wrote at 2007-3-12 04:04 +0100: > ... >In my code I don't use nothing about security and nothing is changed on >zmi's security tab > >But when I launch a method (Borrar if you remember) the user who launches >the action is anonymous not the logged one
Your problem description is too terse to say something definite about the real problem. But, I can tell you that whether or not a user appears to be anonymous or logged in only slightly depends on security settings. The process is as follows: The url traversal determines the published object and the path to reach it. From the published object the roles are determined necessary to access it. Then a user folder is looked for that can authenticate a user from the current request with the required roles. This lookup proceeds in the reverse order than the url traversal. Thus, unless you have given your object unreasonable roles (usually you protect by a permission which is then mapped to a set of roles), the authenticated user primarily depends on the authentication information in the request. In what kind the request contains authentication information highly depends on the form of authentication you are using. There are at least two widely used approaches: cookie based authentication and HTTP (basic) authentication. In the first case, the user will appear "anonymous" whenever cookies are disabled. -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )