[Grok-dev] zope.Anybody versus zope.Everybody in grokproject?

Souheil CHELFOUH trollfot at gmail.com
Thu Jan 7 13:45:35 EST 2010


====================
test for permissions
====================

IN THE ZCML, WE HAVE::

  <unauthenticatedPrincipal
      id="zope.anybody"
      title="Unauthenticated User" />

  <unauthenticatedGroup
      id="zope.Anybody"
      title="Unauthenticated Users" />

  <authenticatedGroup
      id="zope.Authenticated"
      title="Authenticated Users" />

  <everybodyGroup
      id="zope.Everybody"
      title="All Users" />

  <principal
      id="test.test"
      title="Zope test user"
      login="test"
      password="ztest"
      />

  <grant permission="test.perm"
	 principal="zope.Anybody" />

  <grant permission="test.anotherperm"
	 principal="zope.Everybody" />


WE REGISTER 2 VIEWS::

  >>> import grok
  >>> from zope.interface import Interface

  >>> class One(grok.View):
  ...   grok.require('test.perm')
  ...   grok.context(Interface)
  ...   def render(self): return 'one'

  >>> grok.testing.grok_component('one', One)
  True

  >>> class Two(grok.View):
  ...   grok.require('test.anotherperm')
  ...   grok.context(Interface)
  ...   def render(self): return 'two'

  >>> grok.testing.grok_component('two', Two)
  True


WE ARE NOW LOGGED IN::

  >>> from zope.testbrowser.testing import Browser
  >>> browser = Browser()
  >>> browser.addHeader('Authorization', 'Basic test:ztest')

  >>> browser.open('http://127.0.0.1/@@one')
  Traceback (most recent call last):
  ...
  HTTPError: HTTP Error 403: Forbidden

  >>> browser.open('http://127.0.0.1/@@two')
  >>> browser.contents
  'two'


WE ARE NOW LOGGED OUT::

  >>> browser = Browser()

  >>> browser.open('http://127.0.0.1/@@one')
  >>> browser.contents
  'one'

  >>> browser.open('http://127.0.0.1/@@two')
  >>> browser.contents
  'two'


2010/1/7 Vincent Fretin <vincent.fretin at gmail.com>:
> Well, I can't reproduce the problem with a fresh dolmen installation and a PAU.
> All is working as expected. The created user in the PAU don't have
> access to the @@myview if
>      <grant permission="zope.View"
>             principal="zope.Anybody" />
>
> And if
>      <grant permission="zope.View"
>             principal="zope.Everybody" />
> He have access to the view.
>
> Maybe I messed up with the dolmen roles in my previous install...
> Sorry for the noise.
> _______________________________________________
> Grok-dev mailing list
> Grok-dev at zope.org
> https://mail.zope.org/mailman/listinfo/grok-dev
>


More information about the Grok-dev mailing list