Robin Becker wrote:
The latest CVS version is giving autorization demands (and failures) with this DTMLmethod. This kind of construct used to work fine.
<dtml-var standard_html_header> <h2><dtml-var title_or_id> <dtml-var document_title></h2> <p> <dtml-with "_.namespace(SUB=[1,2])"> <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if> </dtml-with> </p> <dtml-var standard_html_footer>
Perhaps newly created names in the _ namespace do not get understood by the new security guts. Does it work if you: <dtml-with "_(SUB=[1,2])"> ... </dtml-with> and call the namespace directly? The two are supposed to be synonymous but your method is depricated so perhaps it works the other way, if not, I'd suggest putting this in the collector for us to fix before the next release.
(Object: _.namespace(SUB=[1,2])) File C:\Python\devel\Zope\lib\python\DocumentTemplate\DT_Util.py, line 327, in eval (Object: _.len(SUB)>0) (Info: SUB) File C:\Python\devel\Zope\lib\python\OFS\DTMLMethod.py, line 184, in validate (Object: xxx) File C:\Python\devel\Zope\lib\python\AccessControl\SecurityManager.py, line 139, in validate File C:\Python\devel\Zope\lib\python\AccessControl\ZopeSecurityPolicy.py, line 160, in validate Unauthorized: SUB
-- -Michel Pelletier http://www.zope.org/Members/michel/MyWiki Visit WikiCentral for the latest Zen: http://www.zope.org/Members/WikiCentral