[Grok-dev] Unauthorized, but only on the upgraded Grok project (bug in 1.0b2?)

Jan-Wijbrand Kolman janwijbrand at gmail.com
Tue Oct 6 06:25:16 EDT 2009

Sebastian Ware wrote:
> Problem solved with:
>> grok.require('zope.Public')


Let me try to explain:

* Generally a view that accepts login credentials can itself not require 
authentication. The key would be stored in the safe otherwise.

* Starting with Grok 1.0b2 views that do not explicitly set a require, 
will have the 'zope.View' permission requirement and not 'zope.Public' 
anymore. It is important to realize that 'zope.View' really is a 
permssion, whereas 'zope.Public' is not a permission, but merely an 
indicator to the zope security machinery that this view does not need 
any checking of permissions at all.

Now, what I still do not really understand about this situation is that 
you said you have added...

   <grant permission="zope.View" principal="zope.Anybody" />

...to your project's site.zcml file. And this apparently still made the 
Login view to require authentication. I wonder if the "grant" somehow 
was not picked up by your project? Or if this "grant" is not enough for 
in certain situations?

This needs a bit of thinking and experimentation. If there's indeed a 
bug in Grok or in the upgrade docs I'd really like to find it soonish...


More information about the Grok-dev mailing list