I've been learning about Zope as I go along hacking on my ZopeFIsh project. For the most part things have gone well, most problems having solutions. But I seem to have wandered into a weird little problem. Here's how it goes... I instantiate my ZopeFish object. I go it in the management interface, and add a user. In another browser window (one that I never used to log into Zope), I go to the ZopeFish instance and log in using ZopeFish's user login facility. I go to the discussion group page, click the "new message (in browser)" link, write something, hit the update button. At this point ZoepFish will create a new message, set the subject and contents, and then redirect the browser to the message that has just been created. At this point Zope wants a username and password. If I cancel the prompt, it will now tell me that I am unauthorized to access the attribute "body". "Body" is the actual message. You see, I'm using a tenplate structure -- only the root object has an "index_html" member, and it points to a template that includes a "<dtml-var body>" directive. So I just implement the "body" member in any publishable objects, and they all use the template. So somehow, creating the new message didn't properly propagate the security settings, or something else that I don't understand. So how do I properly set up the access to the new item? I noticed that if I just stop and restart the Zope server that I no longer have problems seeing the message. So something's getting fixed on the reload. I've uploaded my current source to: ftp://members.home.net/davidbro/ZopeFish-0.4.0-bug.tgz if anyone wants to dig around and try to reproduce (and maybe even fix) the problem. I'm trying to RTFM, but finding the right FM is tough. ZopeFish requires the latest XMLDocument. Thanks in advance... dave