[FLOW3-general] Roles question
Zachary Davis
zach at castironcoding.com
Fri Jan 20 05:10:45 CET 2012
I spent some time reviewing how FLOW3 handles ACLs today. I can see that
FLOW3 considers all users as belonging to the "everybody" role. However,
that role doesn't seem to be very useful, since if I deny Everybody
anything, then, well, everybody will be denied access ;)
Is there an easy way, then, to add all users who are _not_ authenticated
to a default role? It's not uncommon, for example, to have a controller
class that should only be accessible to authenticated users. If FLOW3
assigned users to a "nobody" role (which is different from an everybody
group), I could write policy based on that instead of checking for
authentication in my controllers.
Or, am I missing something?
Zach
More information about the FLOW3-general
mailing list