Dunigan, Craig writes:

.... Users login with this DTML method:

<dtml-let userid="REQUEST['AUTHENTICATED_USER'].getUserName()"> <dtml-call expr="RESPONSE.redirect('/base/People/' + _['userid'])"> </dtml-let>

which forces a login and points them to their home folders, in a folder called "People." We do not see that a login is forced. But you are sure, it is?

.... (Object: Catalog({'meta_type':'Yihaw Folder'})) File /opt/Zope/ZopeInst/lib/python/DocumentTemplate/DT_Util.py, line 334, in eval (Object: REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links', REQUEST.resolve_url(BASE0+getpath(data_record_id_)))) (Info: BASE0) File <string>, line 0, in ? File /opt/Zope/ZopeInst/lib/python/ZPublisher/HTTPRequest.py, line 724, in resolve_url Unauthorized: (see above) Your catalog contains something that can not be accessed by your user.

... But from this, I read that AUTHENTICATED USER doesn't have the permission 'Add EW Nav Links' (our own concotion, obviously) I do not think so. "Add EW Nav Links" is the permission that you want to test for. But the "Unauthorized" exception is already raised when the catalogued object is looked up. I do not know precisely, how "resolve_url" works. Maybe, it checks access rights on its way down to the object. Then, a folder to the object may not be accessible for your user.

lacks that permission in 'BASE0+getpath(data_record_id),' which I presume evaluates to the current folder? Each user has a local role of Manager in his/her own folder, which I thought is what the current folder would be. Do you have a catalog in each of these folders or is there a global catalog. With a global catalog, it is well possible that it contains something inaccessible for some users.

Dieter