On 2/16/06, zope-request@zope.org <zope-request@zope.org> wrote:

The only change I recall to how proxy roles work is that proxy roles used to *augment* a users' roles; now they *replace* them.

I don't know that the case you are talking about (S1 has proxy roles, calls protected S2 fine, but fails when calling PR-less S3 which calls S2) ever worked under either scenario. Proxy roles have always only been checked for the "topmost" object on the executable stack (S1 in the first example, S2 in the second).

Regardless of whether it used to work, I think it would be nice if it did. Is there a reason for it not to be made to work? E.g. do something like walk backwards through the call stack and as soon as you find something that has proxy roles, use those, while if you don't find any, use the user's roles. Mike