I have a need (or plone.app.caching does) to force an image in a FSDirectoryView to list 'Anonymous' among roles for 'View' permission. I need this to be explicit and non-acquired as the image (a logo) may be loaded by my viewlet in a site context that is not visible to Anonymous.
I cannot seem to do make my image by adding a .metadata file with following content:
[security]
View=0:Anonymous
It would be nice if this worked, but I am not sure what I am doing wrong. I have tried re-adding the FSDirectoryView through ZMI, restarting instances, etc. But I do not get 'Anonymous' in result of AccessControl.PermissionRole.rolesForPermissionOn('View', my_image_in_some_context)
I need this to be explicit and non-acquired as the image (a logo) may be loaded by my viewlet in a site context that is not visible to Anonymous.
When you grant "View" to "Anonymous", then the "acquired" setting is no longer important: whether acquired or not all users can access your image.
[security]
View=0:Anonymous
This should work. In the examples ("Products.CMFCore.tests:fake_skins/test4.py.metadata") the "=" is surrounded by white space, but I do not think that this will make a difference. I do not know why it seems not to work for you.
As a workaround, you might "customize" your image and then use ".../manage_access" on the customized object to adjust the grants for the "View" permission via the ZMI.
