[Zope-CMF] View permissions not triggering

Charlie Clark charlie.clark at clark-consulting.eu
Sat Jun 26 10:08:36 EDT 2010

Am 26.06.2010, 16:03 Uhr, schrieb yuppie <y.2010 at wcm-solutions.de>:

Hiya yuppie,

I guess it's only appropriate that you replied to this.

> Which "current check" do you mean? Right now there is no logged_in view
> so there is no permission check for a logged_in view.

In the PythonScript logged_in.py the following check is performed:

isAnon = mtool.isAnonymousUser()
if isAnon:
     context.REQUEST.RESPONSE.expireCookie('__ac', path='/')
     options['is_anon'] = True
     options['title'] = _(u'Login failure')
     options['admin_email'] = ptool.getProperty('email_from_address')

>> by a view permission such as
>> "cmf.AddPortalContent" but no matter what I set the view remains  
>> callable
>> by a non-authenticated user. Are the permissions being ignored or have I
>> got the wrong end of the stick?

> In case you are modifying the permission for the logged_in *action*
> you've got the wrong end.

No, I mean the permission set in the zcml view registration. As previously  
discussed, I don't think "logged_in" and "logged_out" should be portal  
actions as they are states.

Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226

More information about the Zope-CMF mailing list