I am running Plone 3.2.3 and I have installed HumaineMailman so that the users on the website can subscribe and unsubscribe themselves from our various mailinglists. HumaineMailman works very simple. There is a special URL/action that gives you a plain text list of all e-mail addresses that are subscribed on a list. For example:
http://www.example.org/[email protected]&password=secret
You're supposed to simply wget that URL and feed the plain text list into Mailman's sync_members. Easy.
The problem is that Plone does not allow me to access that URL anonymously. When I am logged in as administrator I can access the URL in my browser and see the list of e-mail addresses. But when I am not logged in (and when retrieving that URL using wget) then Plone redirects me to the login page.
How do I tell plone that I want to allow anonymous access to that URL/action? The action itself (in code) is defined in Products/HumaineMailman/skins/mailman_autolist_update.py.
Thanks in advance!
HumaineMailman needs ManagePortal permissions. Those are too much to give to Anonymous so Lennarts answer didn't solve it for me. Instead, I edited HumaineMailman and redeclared the respective function calls as public. This is a slight security risk though. My Plone is behind an Apache proxy so I compensated by only allow access to the memberlist from localhost (where the wget synchronisation script and mailman itself are running as well).