[ I accidentally sent the last mail before I completed it... Sorry ] I've stumbled upon a strange problem with dtml-tree in version 2.2.5 (the problems occurs in the same way in any of the 2.2.x version), but didn't exhibit itself in 2.1.6: Here's some (very) crude code to generate a tree object: ------------- class Tree: def __init__(self, val='top'): self.name = val self.tpId = val def tpValues(self): tlist = [] for i in range(8): tlist.append(Tree('me: %s' % i)) return tlist def build(): return Tree() -------------- Now if I attach this to an "External Method" called "mytree" which references the function "build()", and I write the following DTML: ----- <dtml-tree mytree> <dtml-var name> </dtml-tree> ----- In version 2.1.6, I obtain a tree, it's composed of 8 items and each expands into 8 more, etc... If I do the same thing in version 2.2.5, I get an authentication failure... even though I'm logged on as superuser or an admin user... I've tried this on a fresh install to ensure nothing gets in the way. The error I get is: ------------ Zope Error Zope has encountered an error while publishing this resource. Unauthorized Sorry, a Zope error occurred. Traceback (innermost last): File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 187, in publish File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 171, in publish File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: toto) File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: toto) File /home/zope/Zope-2.2.5-src/lib/python/OFS/DTMLMethod.py, line 172, in __call__ (Object: toto) File /home/zope/Zope-2.2.5-src/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: toto) File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 154, in render (Object: mytree) File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 260, in tpRender File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 514, in tpRenderTABLE (Info: (['top', []], {'id': 'tpId', 'childless_decoration': '', 'name': 'mytree', 'branches': 'tpValues', 'url': 'tpURL', '': 'mytree'}, (['top', []],), (['top', []],))) File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 431, in tpRenderTABLE File /home/zope/Zope-2.2.5-src/lib/python/OFS/DTMLMethod.py, line 194, in validate (Object: toto) File /home/zope/Zope-2.2.5-src/lib/python/AccessControl/SecurityManager.py, line 139, in validate File /home/zope/Zope-2.2.5-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 159, in validate Unauthorized: name -------------- So it's looking like it's breaking because of the Security enhancements made in 2.2.x, but why isn't it letting me access the "name" attribute? How am I supposed to bypass this authorization process? ..Yves