The theory I'd try first is that the called script may be attempting to do something that Player permissions are not approved for. Oddly enough, it's possible to grant permissions to Anonymous but still withhold them from groups that require authentication. I'd double-check the permissions for any objects called by the second script to see if you've granted Anonymous permission without granting Player permission. It's also possible that the called script may not have its permissions set to acquire settings from the parent folder. Sounds like you would have noticed, though. If time is short, an easy way to fix the problem is to grant the calling script the Manager proxy role. But you only want to do that if you're certain that it's safe for all things done by the scripts to be done in that context. Hope that helps... Dylan At 05:18 AM 10/16/2002 +0300, you wrote:
I have Player role in my site, and Member folder, protected by the following permissions:
View [ ]Acquire [ ]Anonymous [x]Authenticated [x]Manager [x]Owner [x]Player
Everything behaves like expected but if being Player (having roles "Authenticated" and "Player" only) I am call Python Script from another Python Script (both are located inside this protected folder), my browser pops up Login Dialog and everything works only if I authenticate myself as Manager or if I allow Anonymous to "View" this Python Script.
Call looks like:
user = context.Member.get_userdata()
First thoughts were that I am not passing REQUEST or another security related token to second script (get_userdata in this case). If I get inside there (allowing Anonymous to View it), I am still having "Player" role and none of security tokens lost, but I can't even access this second script if it hasn't "Anonymous" View permission.
Please tell me where I am wrong. This is black voodoo compared in complexity with manual sendmail setup. URLs on Zope Security model overview may also help.
-- Dmitry
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )