This recipe describes how to configure Kotti to require users to log in before they can view any of your site's pages.
To achieve this, we'll have to set our site's ACL. A custom populator will help us do that (see :ref:`kotti.populators`).
Remember that the default site ACL gives view
privileges to every
user, including anonymous (see :ref:`develop-security`). We'll thus
have to restrict the view
permission to the viewer
role:
from kotti.resources import get_root
SITE_ACL = [
(u'Allow', u'role:viewer', [u'view']),
(u'Allow', u'role:editor', [u'view', u'add', u'edit']),
]
def populate():
site = get_root()
site.__acl__ = SITE_ACL