Reorder explanation of the security policy default rules to make them…

… a bit easier to understand.
zopefoundation · Feb 4, 2010 · 0b6668b · 0b6668b
1 parent 95bd510
commit 0b6668b
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/zdgbook/Security.rst b/zdgbook/Security.rst
@@ -117,21 +117,21 @@ In short, the default Zope security policy ensures the following:
 - access to an object which does not have any associated security
   information is always denied.
 
+- access to an object whose name begins with the underscore
+  character '_' is always denied.
+
+- if the object has a security assertion declaring it *private*, then
+  access will be denied.
+
+- if the object has a security assertion declaring it *public* , then
+  access will be granted.
+
 - if an object is associated with a permission, access is granted or
   denied based on the user's roles.  If a user has a role which has
   been granted the permission in question, access is granted.  If the
   user does not possess a role that has been granted the permission
   in question, access is denied.
 
-- if the object has a security assertion declaring it *public* , then
-  access will be granted.
-
-- if the object has a security assertion declaring it *private*, then
-  access will be denied.
-
-- accesses to objects that have names beginning with the underscore
-  character '_' are always denied.
-
 As we delve further into Zope security within this chapter, we'll see
 exactly what it means to associate security information with an
 object.