Merge pull request #44 from plone/auth-role

Automatically give authenticated users new `plone.Authenticated` role

src/plone.server/CHANGELOG.rst

@@ -1,6 +1,9 @@
 1.0a9 (unreleased)
 ------------------
 
+- Automatically give authenticated users new `plone.Authenticated` role
+  [vangheem]
+
 - Handle error when deserializing content when not authenticated and checking
   permissions
   [vangheem]

src/plone.server/plone/server/auth/participation.py

@@ -32,6 +32,8 @@ async def __call__(self):
             if user is not None:
                 self.request._cache_user = user
                 self.principal = user
+                if hasattr(user, '_roles') and 'plone.Authenticated' not in user._roles:
+                    user._roles['plone.Authenticated'] = 1
         else:
             self.principal = getattr(self.request, '_cache_user', None)
 

src/plone.server/plone/server/permissions.zcml

@@ -129,6 +129,12 @@
       description="All users have this role implicitly"
       />
 
+  <role
+      id="plone.Authenticated"
+      title="Authenticated user"
+      description="Role automatically assigned to authenticated users"
+      />
+
   <role
       id="plone.Member"
       title="Site Member" />