Tim Hicks wrote:
I hope even some of that makes sense. So, unfortunately, my question remains, 'why can't I access getBody in that context?'
Does it have a security assertion? Dooes the user have a role that has that permission mapped?
Yes to both.
After that, just go to line 200 in ZopeSecurityPolicy.py and work your way back until you find out why it's doing that...
Ok, I've been doing that. Line 200 in ZopeSecurityPolicy.py raises Unauthorised because: accessedbase is containerbase which equates to: getattr(accessed, 'aq_base', container) is aq_base(container) So, the unwrapped object that I'm trying to access the getBody method on is the same as the unwrapped container object of the ___ (I don't know what - I presume 'of the object I'm trying to access'). 'def validate' has the following description of its arguments: """ accessed -- the object that was being accessed container -- the object the value was found in """ So, as I (mis?)understand it, I'm not allowed to access getBody because in my acquisition chain, the object it is a method of is its own parent. I don't know how that could be happening. At the moment, I'm trying to pass in the aq_parent of the XronDtmlMethod as the context when it calls fireNextConversion(). The aq_parent is not the ZOffice instance. I'm getting a little lost! To make matters worse, even if I overcome this problem, it appears the security policy is about to 'Unauthorize' me anyway. Line 201 of ZopeSecurityPolicy.py returns 0, so I'm just not doing things right I think :-(. I'm not sure why different methods are getting treated differently by zope. If I add a zpy to the zoffice instance (named 'getBody2') that returns some text, 'handleFiles' will successfully call it (as it successfully calls manage_addFolder etc). Not sure if I've managed to ask more questions, or just muddied the water further. If anyone has any suggestions, I'd love to hear from you. cheers tim