Dave Lehman writes:
Alright, I figured out that if I assign a user "Manager" rights, then my custom "login_form" works. However, it does *not* work if I go to my root Portal folder security tab and assign all rights to the "Member" role.
So does the "manager" role have other instrinsic rights? Obviously I can't give everyone manager rights, just to work around this issue. Seems as if a security declaration were missing or could no longer be resolved (because the acquisition chain had been broken). In this case, Zope would default to the "Manager" role.
If I stick the "login_form" in my "custom" skin folder, where would it be trying to access "ZopeTime" from that is different than the "generic" folder? It should do it from the same place, the ApplicationObject.
And why does it think ZopeTime is not defined? The security machinery tries to hide objects you have no access to (it raises "KeyError" exceptions rather than "Unauthorized"). I doubt very much that this is a good idea, but ...
You may try to add: ZopeTime__roles__=None in "OFS.Application" near the definition of "ZopeTime". What you see may be the effect of the "Security Cleanup" that removed the "Allow unless Protected" but apparently forgot to add security declaration at many places... In my Zope CVS (last updated shortly after 2.4.1), I have still the old security setup. Dieter