[Zope-Coders] Re: [CMF-checkins] CVS: CMF/CMFWiki -
CMFWikiPage.py:1.28
Chris McDonough
chrism@zope.com
21 Oct 2002 13:41:02 -0400
On Mon, 2002-10-21 at 11:55, Florent Guillaume wrote:
> Chris McDonough <chrism@zope.com> wrote:
> > --- CMF/CMFWiki/CMFWikiPage.py:1.27 Sat Aug 3 23:51:56 2002
> > +++ CMF/CMFWiki/CMFWikiPage.py Thu Oct 17 15:38:37 2002
> > @@ -467,11 +467,11 @@
> > get_transaction().note(log)
> > self.last_log = log
> > user = getSecurityManager().getUser()
> > - username = user.getUserName()
> > - if username == 'Anonymous User':
> > + if user.getUserName() == 'Anonymous User':
> > username = ''
>
> I know this isn't really Chris's code, but anyway:
>
> Ideally, should this kind of check be done on the name or id? I'd have
> said id, but maybe I'm wrong.
>
I left these checks in because I didn't want to break anything, but
you're right... there should be a more acceptable way to check if the
user is anonymous.
> Shouldn't we really compare to the SpecialUsers.nobody user?
It would tough to do that in a PythonScript, although I suppose we could
make module security assertions about that object. A reasonable
alternative way might be to encourage folks to make sure that the user
has the "Authenticated" role, as this functionality is easily available
from protected and TTW code. The anonymous user is the only user who
does not have this role.
- C