# HG changeset patch
# User Thierry Florac <thierry.florac@onf.fr>
# Date 1523457832 -7200
# Node ID e29e9774400a3fd45b9695ea038bf56e0212641a
# Parent  bab0e0098c8e52bf3c4df97ebdc0ccceee978f60
Update default protected object ACL to grant 'public' permission to everyone

diff -r bab0e0098c8e -r e29e9774400a src/pyams_security/security.py
--- a/src/pyams_security/security.py	Wed Apr 11 11:40:14 2018 +0200
+++ b/src/pyams_security/security.py	Wed Apr 11 16:43:52 2018 +0200
@@ -9,6 +9,7 @@
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
 # FOR A PARTICULAR PURPOSE.
 #
+from pyams_utils.interfaces import PUBLIC_PERMISSION
 
 __docformat__ = 'restructuredtext'
 
@@ -170,7 +171,9 @@
     @request_property(key=None)
     def __acl__(self):
         # always grant all permissions to system manager
-        result = [(Allow, ADMIN_USER_ID, ALL_PERMISSIONS)]
+        # and 'public' permission to everyone
+        result = [(Allow, ADMIN_USER_ID, ALL_PERMISSIONS),
+                  (Allow, Everyone, {PUBLIC_PERMISSION})]
         # grant access to all roles permissions
         for role_id in self.get_granted_roles():
             role = query_utility(IRole, role_id)