Idea #2659

Updated by Tom Clegg about 10 years ago

This has two parts: 

 # Implement a special "Anonymous" group 
 #* Created automatically, much like the "system group". uuid = @xyzzy-j7d0g-anonymouspublic@? 
 #* In permission checks, make sure @anonymous_group_uuid@ is always in the list of readable groups. 
 #* This should produce the desired result if someone shares an object with the Anonymous group -- at least for users who are logged in. 

 # Provide a mechanism for clients to get "anonymous" privileges without using the usual OAuth/SSO procedure. 
 #* Could simply use a well-known token (like fifty "X" characters). 
 #* Careful in API server not to let an anonymous user modify its own User object (or anything else normally allowed by permission system). 
 #* API server has to decide whether to say "please log in" or "just do stuff that anonymous user can do". No token = anonymous? 
 #* Workbench has to act a bit differently when deciding to show a login page, redirect to authentication procedure, or just proceed as anonymous user. E.g., bookmark a private page, log out, go back to the private page → show "not found or not authorized" page, and provide an option to log in. 
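
A minimal Ruby model of the two parts above, added here as an illustration; it is not Arvados code and not part of the original ticket. The function names, the anonymous user uuid, and the token table are hypothetical, and it assumes the ticket's open question is answered as "no token = anonymous".

```ruby
# Added illustration; every name here is hypothetical, not Arvados API server code.
ANONYMOUS_GROUP_UUID = 'xyzzy-j7d0g-anonymouspublic' # uuid floated in the ticket
ANONYMOUS_USER_UUID  = 'constructed-anonymous-user'  # placeholder, constructed
ANONYMOUS_TOKEN      = 'X' * 50                      # the ticket's well-known token idea

Principal = Struct.new(:uuid, :group_uuids, :anonymous)

# Constructed stand-in for tokens issued by the usual OAuth/SSO procedure.
TOKENS = {
  'constructed-token-alice' => Principal.new('user-alice', ['group-lab'], false),
  'constructed-token-bob'   => Principal.new('user-bob', [], false)
}.freeze

# Assumption: no token, or the well-known token, means "act as anonymous".
# Any other unrecognized token is rejected rather than silently downgraded.
def principal_for(token)
  if token.nil? || token.empty? || token == ANONYMOUS_TOKEN
    return Principal.new(ANONYMOUS_USER_UUID, [], true)
  end
  TOKENS.fetch(token) { raise ArgumentError, 'unknown token: please log in' }
end

# Part 1: the anonymous group is always among the readable groups.
def readable_group_uuids(principal)
  (principal.group_uuids + [ANONYMOUS_GROUP_UUID]).uniq
end

def can_read?(principal, obj)
  obj[:owner_uuid] == principal.uuid ||
    (obj[:shared_with] & readable_group_uuids(principal)).any?
end

# Part 2: refuse writes for the anonymous principal before any ownership rule
# runs, so it cannot modify even its own User object.
def can_write?(principal, obj)
  return false if principal.anonymous
  obj[:owner_uuid] == principal.uuid
end

# Constructed sample objects.
PUBLIC_OBJ    = { owner_uuid: 'user-alice', shared_with: [ANONYMOUS_GROUP_UUID] }.freeze
PRIVATE_OBJ   = { owner_uuid: 'user-alice', shared_with: ['group-lab'] }.freeze
ANON_USER_OBJ = { owner_uuid: ANONYMOUS_USER_UUID, shared_with: [] }.freeze
```

The anonymous check in @can_write?@ sits ahead of the ownership rule on purpose: placed after it, the anonymous user would pass as owner of its own User object.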
