Jonathan Hobbs wrote at 2004-5-27 11:09 -0400:
I have a folder ('Data') with the 'View' security role set to 'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
When, as an 'anonymous' user, I try to access an object within the 'Data' folder the security popup window (enter your name/password) is displayed. This works as I expected it to.
I have created a dtml method called 'Display'. This test routine is hardcoded to display an object from the 'Data' folder. I have set the Proxy role for the Display method to "Authenticated". When, as an 'anonymous' user, I access the 'Display' method the security popup window appears?! Shouldn't the Proxy role assigned to the dtml method enable access to the object in the folder?
BTW, "VerboseSecurity" can help you to analyse difficult security problems. Use the CVS version (once Zope's CVS starts to work again).
I have installed VerboseSecurity (it shows up in the Control_Panel/Products list), but it does not generate any output in the zope_error_log (the requests are showing up in zope_access_log). Does VerboseSecurity put the security info somewhere else? We are running 2.6.1 if this has any bearing. Jonathan