New Denying role on anonymous user in 6.9: How to handle it for add-on users?


a bit of context: my forgot-password add-on needs to show a screen (resetPassword) on login window, so in the context of the anonymous user.

Now that the anonymous user has a denying role by default (and that’s ok, it was wrong before), when a user installs my component on 6.9, it receives an Access Denied error when it clicks on the Forgot password link in the login window.

How should I handle this?

  • A) document this on README and let my consumers add the appropriate permission to the Anonymous role
  • B) try to automate this on application startup (but this is a bit risky, as it means fiddling with the app roles)

Thanks for your opinions on this matter,

Hi Paolo,

In my opinion, documenting this on README would be just fine. Automation is a good thing of course, but there is a range of possible issues here - older versions that don’t have such default role, project customizations of roles, etc. So it would require some non-trivial logic on app start, and the result would be nevertheless uncertain.