Re: [Zope] GenericUserFolder authenticates but Zope rejects
[Redirected to zope-dev]

On Wed, 1 Dec 1999, Sam Gendler wrote:

> I bumped into something like this with UserDB. If you access an object that requires authentication directly (go to its url), the appropriate acl_users folder gets used (in my case, UserDB). However, if I attempted to access an object that requires no authentication, but which calls methods that are restricted, Zope seemed to only want to use the acl_users folder in the root directory of the zope install, or else superuser was the only user that worked, I can't remember which way it worked. At any rate, if you make the containing object require authentication, everything should work again.
I tracked down at least one case where this sort of thing happened and worked around it. The cases I came across were mainly accessing a document when you were not already authenticated. The first example is a document that returns a different result if it is called via GET or called via POST. The second example is the manage method - as far as I managed to track it down, if I modified the RESPONSE during authentication (i.e. RESPONSE.setCookie('_gufauth',blah)), then the manage method would return a document which tried to populate its frames with manage_main and manage_menu from the root folder.

I still don't know if this is a bug or a feature, so it isn't in the collector. I'm leaning towards a bug in Zope but it is rather obscure and hard to describe in words or demonstrate without 3rd party code.

Both the cases I found have been solved using double indirection (your POST calls docLoginSuccess, which can do nifty stuff or just REDIRECT to the real location).

--
 ___
  // Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
 // E N  Senior Systems Alchemist  Play: zen@shangri-la.dropbear.id.au
//__     Computer Science, RMIT    WWW:  http://www.cs.rmit.edu.au/~zen