Hi! I am using Zope 2.1.2/Linux ix86. Now there is a line in $PYTHONDIR/lib/python/ZPublisher/BaseRequest.py which does riddle me: if user is None and roles != UNSPECIFIED_ROLES: response.unauthorized() (line 441/442). I ran into this one because I set up one folder to be an internal uploading folder which should generally not be accessible from anonymous users. So I added users to the acl_user folder, gave them a write_role and set up permissions correctly. Everything worked so far. The write_role was globally declared within the root-folder, the users were declared locally within the folder which was designed to be used for uploads (not above). I entered the (anonymously viewable) site and changed to the private folder; I was asked for uname and pwd and got access to the private folder. Ok. But then I wanted to go to the public area again... which raised the "unauthorised" response at the above lines. I figured that declaring the users on the level of the anonymously viewable pages and passing the write_role to these users locally within the upload folder settled my problem, since they were not "None" anymore within traverse. BUT: are these lines no mistake? How can a user which is None have roles? The manual states that any user implicitly has the "anonymous role"... which he has not, according to the lines above. (Please: I did NOT study traverse() very hard, so please excuse this, maybe, dumb question). Regards, Ingo ------------------------------------------