Tres Seaver wrote:
The prior behavior (allowing users to access protected resources "above" the domain of their user folders) was a security hole caused by a bug, and was never documented as allowable: correcting it was a matter for a rather urgent fix, as it broke the explicitly-documented model.
I don't think that's what Michael and I were commenting on... IIRC, if you had scripta calling scriptb, you used to be able to give scripta a proxy role and scriptb would also execute with that role. However, again IIRC, in current Zope releases, if you give scripta a proxy role, when it calls scriptb, scriptb will just run with the roles of the current user. Have I got this right? If so, I wonder why the change was made... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk