Forum OpenACS Q&A: Who is what in the permissions?

Posted by Kolja Lehmann on
Can someone tell me what is the difference between "unregistered visitor" and "the public"? Is it possible to allow users to access the start page of a module but restrict the access to other pages? If I have a privilege which is the child of another one like:
acs_privilege.add_child('read','survey_take_survey');
Is anyone who can read also entitled to take_survey?
Posted by Tilmann Singer on
I think that unregistered visitor has been added by Don in 4.6.1 so that the special user_id 0 corresponds to an actual party. For granting permissions to non-registered users I would still use 'The Public'.

Regarding your privilege question: yes, that's the way it works. I wonder though if it wouldn't make more sense to define survey_take_survey as child of write, since entering data in a survey is quite different from just reading it, but then you would probably have to restrict editing the surveys to the admin privilege and I don't know if that is desired.

In any case, a table in the docs that lists every privilege and the effect it has when granted on the package_id itself and on the objects of the package, as well as info on default inheritance behaviour of the objects is always well appreciated by all users of your package 😉.

Posted by Don Baccus on
Tilmann's right ... the "unregistered visitor" is equivalent to "anonymous coward" in Slashdot. We've always assigned user_id = 0 for visitors who haven't registered and logged into the site, but prior to 4.6.1 user_id was "fake", not represented in the datamodel. Users who are logged in always have a user_id > 0.

The major motivation for adding user_id = 0 explicitly to parties was to speed permissions because it removes special-case checking that existed before. In the future we may tweak things so that letting "The Public" post to a forum would allow unregistered visitors to post anonymously (if one chooses to allow this of course.)

So ... "unregistered visitor" is the party that represents a visitor who is visiting but hasn't registered.  "registered users" represents the set of all users who've registered with the system.  "the public" represents the set of all users, i.e. the union of "registered users" and the special "unregistered visitor" party.
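
The privilege and party rules discussed in this thread, as a small Python model added here for illustration (it is not OpenACS code and not from any of the posters). The class, the object name `survey-1`, the user `alice` and the two grants are assumptions; only the party names, the privilege names and the `add_child` relationship come from the posts.

```python
class Permissions:
    def __init__(self):
        self.children = {}   # privilege -> direct child privileges
        self.members = {}    # group party -> direct member parties
        self.grants = set()  # (object, party, privilege) triples

    def add_child(self, privilege, child):
        # Same meaning as in the thread: holding `privilege` implies `child`.
        self.children.setdefault(privilege, set()).add(child)
    def add_member(self, group, party):
        self.members.setdefault(group, set()).add(party)
    def grant(self, obj, party, privilege):
        self.grants.add((obj, party, privilege))

    def implied(self, privilege):
        # The privilege itself plus every descendant privilege.
        seen, stack = set(), [privilege]
        while stack:
            p = stack.pop()
            if p not in seen:
                seen.add(p)
                stack.extend(self.children.get(p, ()))
        return seen

    def parties_of(self, party):
        # The party itself plus every group containing it, transitively.
        found, grew = {party}, True
        while grew:
            grew = False
            for group, members in self.members.items():
                if group not in found and members & found:
                    found.add(group)
                    grew = True
        return found

    def permission_p(self, obj, party, privilege):
        holders = self.parties_of(party)
        return any(o == obj and g in holders and privilege in self.implied(p)
                   for o, g, p in self.grants)

def build(parent):
    # Constructed scenario: read granted to everyone, write to registered users.
    perms = Permissions()
    perms.add_member("the public", "registered users")
    perms.add_member("the public", "unregistered visitor")  # user_id 0
    perms.add_member("registered users", "alice")           # constructed user
    perms.add_child(parent, "survey_take_survey")
    perms.grant("survey-1", "the public", "read")
    perms.grant("survey-1", "registered users", "write")
    return perms
```

With `build("read")` the unregistered visitor can take the survey as soon as "the public" can read it; with `build("write")` only parties holding write can.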