Andreas Jung <lists@andreas-jung.com> wrote:
I created a PyScript through the ZMI:
from AccessControl import getSecurityManager() print getSecurityManager().getUser().getRoles() print getSecurityManager().getUser().getRolesInContext(context) return printed
The script has the proxy role 'Manager'.
When I call the script as Anyonmous User then the output is always ('Anonymous',) for both calls. This happens with Zope 2.7.0, 2.7.6 and Zope 2.8.0. Shouldn't I see the Manager role in the output or am I just brain-dead today?
Proxy roles are designed to provide additional rights to the restricted python machinery executing some Python Script or DTML. They don't propagate to the code called by them. Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com