# HG changeset patch # User Thierry Florac # Date 1523457713 -7200 # Node ID 819db271bc1fc17e8d9660a88fed536c4fb48dbb # Parent 527542e50a28db60e98e675db30134765cb55a28 Updated base site root ACL diff -r 527542e50a28 -r 819db271bc1f src/pyams_utils/site.py --- a/src/pyams_utils/site.py Wed Apr 11 10:50:38 2018 +0200 +++ b/src/pyams_utils/site.py Wed Apr 11 16:41:53 2018 +0200 @@ -17,7 +17,7 @@ # import interfaces from pyams_utils.interfaces import PYAMS_APPLICATION_SETTINGS_KEY, PYAMS_APPLICATION_DEFAULT_NAME, \ - PYAMS_APPLICATION_FACTORY_KEY + PYAMS_APPLICATION_FACTORY_KEY, PUBLIC_PERMISSION from pyams_utils.interfaces.site import ISiteRoot, ISiteRootFactory, INewLocalSiteCreatedEvent, ISiteUpgradeEvent, \ ISiteGenerations, SITE_GENERATIONS_KEY, IConfigurationManager from zope.annotation.interfaces import IAnnotations @@ -30,7 +30,7 @@ from pyams_utils.registry import get_utilities_for, query_utility from pyramid.exceptions import NotFound from pyramid.path import DottedNameResolver -from pyramid.security import Allow, ALL_PERMISSIONS +from pyramid.security import Allow, Everyone, ALL_PERMISSIONS from pyramid.threadlocal import get_current_registry from pyramid_zodbconn import get_connection from zope.container.folder import Folder @@ -47,10 +47,13 @@ A site root can be used as base application root in your ZODB. It's also site root responsibility to manage your local site manager. - BaseSiteRoot defines a basic ACL which gives all permissions to system administrator. + BaseSiteRoot defines a basic ACL which gives all permissions to system administrator, + and 'public' permission to everyone. But this ACL is generally overriden in subclasses + which also inherit from :ref:`pyams_security.security.ProtectedObject`. """ - __acl__ = [(Allow, 'system:admin', ALL_PERMISSIONS)] + __acl__ = [(Allow, 'system:admin', ALL_PERMISSIONS), + (Allow, Everyone, {PUBLIC_PERMISSION})] config_klass = None