--- a/src/pyams_security/interfaces/__init__.py	Wed Jun 17 09:59:26 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py	Tue Jun 30 15:02:07 2015 +0200
@@ -714,14 +714,26 @@
                                    required=True,
                                    default=True)
 
-    everyone_permissions = PermissionsSetField(title=_("Public permissions"),
-                                               description=_("These permissions will be granted to all users"),
+    everyone_denied = PermissionsSetField(title=_("Public denied permissions"),
+                                          description=_("These permissions will be denied to all users. "
+                                                        "Denied permissions take precedence over granted "
+                                                        "ones."),
+                                          required=False)
+
+    everyone_granted = PermissionsSetField(title=_("Public granted permissions"),
+                                           description=_("These permissions will be granted to all users"),
+                                           required=False)
+
+    authenticated_denied = PermissionsSetField(title=_("Authenticated denied permissions"),
+                                               description=_("These permissions will be denied to "
+                                                             "authenticated users. Denied permissions "
+                                                             "take precedence over granted ones."),
                                                required=False)
 
-    authenticated_permissions = PermissionsSetField(title=_("Authenticated permissions"),
-                                                    description=_("These permissions will be granted to authenticated "
-                                                                  "users"),
-                                                    required=False)
+    authenticated_granted = PermissionsSetField(title=_("Authenticated granted permissions"),
+                                                description=_("These permissions will be granted to authenticated "
+                                                              "users"),
+                                                required=False)
 
     inherit_parent_roles = Bool(title=_("Inherit parent roles?"),
                                 description=_("Get roles granted on parent levels"),
@@ -749,6 +761,21 @@
     def get_permissions(self, principal_id):
         """Get ID of permissions granted to given principal"""
 
+    def get_everyone_denied(self):
+        """Get denied permissions for everyone, including inherited ones"""
+
+    def get_everyone_granted(self):
+        """Get granted permissions for everyone, including inherited ones"""
+
+    def get_authenticated_denied(self):
+        """Get denied permissions for authenticated, including inherited ones"""
+
+    def get_authenticated_granted(self):
+        """Get granted permissions for authenticated, including inherited ones"""
+
+    def get_granted_roles(self):
+        """Get all roles, including inherited ones"""
+
 
 class IRoleProtectedObject(IProtectedObject):
     """Roles protected object interface"""
changeset 44	b999bd4dd461
parent 42	07229ac2497b
child 55	5713898178f3