[Grok-dev] zope.Anybody versus zope.Everybody in grokproject?

Vincent Fretin vincent.fretin at gmail.com
Thu Jan 7 06:27:59 EST 2010


Hi,

Well, Souheil told me this, so I wrote that.

I didn't verify it, I've just tested with a simple view:

class MyView(grok.View):
    grok.context(Interface)
    grok.require("zope.View")
    def render(self):
        return "coucou"

With
<grant permission="zope.View"
        principal="zope.Anybody" />
or
<grant permission="zope.View"
        principal="zope.Everybody" />

I get access to the view as unauthenticated or authenticated member
(with a PAU).

Is it normal? Souheil?
I don't know how unauthenticatedGroup, authenticatedGroup,
everybodyGroup zcml directives work internally.

regards

Vincent


On Thu, Jan 7, 2010 at 1:40 AM, Martijn Faassen <faassen at startifact.com> wrote:
> Hi there,
>
> I'm too lazy to check grokproject myself, but I just read this:
>
> """
> In etc/site.zcml.in, replace:
>
> <grant permission="zope.View"
>        principal="zope.Anybody" />
> <grant permission="zope.app.dublincore.view"
>        principal="zope.Anybody" />
>
> by:
>
> <grant
>     permission="zope.View"
>     principal="zope.Everybody" />
> <grant
>     permission="dolmen.content.View"
>     principal="zope.Everybody" />
> <grant
>     permission="zope.app.dublincore.view"
>     principal="zope.Everybody" />
>
>
> Be careful:
>
> * zope.Anybody applies to unauthenticated users only.
> * zope.Everybody applies to both unauthenticated and authenticated users.
> """
>
> This sounds like something we should fix like this in grokproject.
>
> I thought there was a fix in grokproject already to add an extra view
> permission to "zope.Authenticated", but using zope.Everybody sounds like
> a cleaner fix. In addition it appears our fix was incomplete for
> zope.app.dublincore.view?
>
> regards,
>
> Martijn
>
> _______________________________________________
> Grok-dev mailing list
> Grok-dev at zope.org
> https://mail.zope.org/mailman/listinfo/grok-dev
>


More information about the Grok-dev mailing list