Forum OpenACS Q&A: Re: What Triggers A User Login
Pages beneath www/admin/ are automatically restricted to users with admin privilege on the package.
All of the permission stuff I've looked at, including require_permission, relate objects rather than pages but there is no object to reference on this page - its purpose is to create an object. Or am I missing something about objects here?
The rights of such unrestricted pages are not inherited from the index page but should rather be the same for all pages, according to the permissions you set for the package instance in the site-map.
In the site map the url for my package has permissions set for public read and public create so if everything is working and I don't explicitly code the calls you mention I should be able to display the submission page without getting a login.
Two thoughts occur:
1. I have the parameter RestrictEntireServerToRegisteredUsersP set to 0. Are there any known problems with this?
2. I was testing by logging out then calling the index page. Is there anything (other than the session_id cookie which I deleted) which could be triggering the sign-on? The developement machine is behind the firewall otherwise I'd ask someone to try requesting the page to see what they get.
Anything else I can check?