Dylan Reinhardt wrote:
Check the permissions on everything a_method calls. That's probably your problem.
To do a quick test if this is true, give a_method a Manager Proxy Role. If that solves your problem, you know that you hadn't set permissions correctly for some called object. If that doesn't solve your problem, you haven't set the permissions for a_method correctly.
I forgot to mention a detail, a_method is not in a_folder folder. It is acquired the same way the hippo gets vaccinated in the zope zoo. I have tested with the following simplified structure: +- zope root (default permissions) +- acl_users (here is where user1 is defined, no roles) +- local_role_test (default permissions) +- bin (*) +- a_method (**) +- a_folder (here user1 has some_role) (*) manager, owner and some_role have permissions "access contents information" and "view". Those permissions are not acquired from parent. The rest of permissions have default values. (**) a_method is plain HTML: <html><body><p>Hello</p></body></html> as user1 I get an unauthorized messages when I access /local_role_text/bin/a_folder/a_method Giving user1 some_role in a_method instead of a_folder is not a good solution. On the real problem I'll have user1, user2 ... and folders a_folder1, a_folder2 ... userN should be able to access a_folderN only. TIA Regards -- //// (@ @) ---------------------------oOO----(_)----OOo------------------------ Los pecados de los tres mundos desapareceran conmigo. Alexis Roda - Universitat Rovira i Virgili - Reus, Tarragona (Spain) --------------------------------------------------------------------