Aseem Mohanty writes:
Sorry for the repost, I desperately need help on this and any help would be greatly appreciated.
The problem being that I have a custom User Folder loosely based on mysqluserfolder, without the cookies and session stuff, for that I use Cookie Crumbler and CST. Otherwise the code is pretty much the same with modifications to suit my purposes.
Now let's say I have a user with role "X". I set up a folder that is viewable only by ppl with role X via the security tab. When I try to view it, Zope refuses entry to me. When I do an AUTHENTICATED_USER.getRoles or _.SecurityGetUser().getRoles() I get a list that has Authenticated User, Anonymous and X in it. I looked up and walked through the validate function in my UF and printed out roles just before it calls authorize and the list of roles is the same there too. ....
Disable cookie mode in Cookie Crumbler (remove the "login_form") and analyse the "Unauthorized" error response.
Probably, you are not allowed to access something outside your current object.
Dieter