New Denying role on anonymous user in 6.9: How to handle it for add-on users?

Add-ons
#1

Hi

a bit of context: my forgot-password add-on needs to show a screen (resetPassword) on login window, so in the context of the anonymous user.

Now that the anonymous user has a denying role by default (and that’s ok, it was wrong before), when a user installs my component on 6.9, it receives an Access Denied error when it clicks on the Forgot password link in the login window.

How should I handle this?

  • A) document this on README and let my consumers add the appropriate permission to the Anonymous role
  • B) try to automate this on application startup (but this is a bit risky, as it means fiddling with the app roles)

Thanks for your opinions on this matter,
Paolo

#3

Hi Paolo,

In my opinion, documenting this on README would be just fine. Automation is a good thing of course, but there is a range of possible issues here - older versions that don’t have such default role, project customizations of roles, etc. So it would require some non-trivial logic on app start, and the result would be nevertheless uncertain.

2 Likes