[Zope-CMF] New CMF tool has bogus __roles__

[Dan L. Pierson]

I'm working on a new CMF tool to be released at Python 10.  When I tried
to test a the versions broken out of our running site today, I discovered
that all DTML, etc. access to the tool fails authorization because the
tool has __roles__ = ().

Here's some more info.  First from a debugging session on the current
test:

[dan@daystar zope]$ sudo ./zctl.py debug
Password:

          Zope debugging session for /home/dan/work/control/site/zope
          The root application object is bound to name 'app'.
          To let other people see your changes, you must:
            get_transaction().commit()
          To see other people's changes, you must:
            app._p_jar.sync()
>>> d = app.danwork.cmf_test
>>> d
<CMFSite instance at 931ccf8>
>>> d.__roles__
('Anonymous', 'Manager')
>>> d.portal_skins.__roles__
('Anonymous', 'Manager')
>>> d.postings_tool.__roles__
()
>>>

Note that the standard portal_skins tool has a correct __roles__.  As
far as I can see, I'm creating the tool in the same way.  Here's the
start of the (CMF 1.1) SkinsTool:

class SkinsTool(UniqueObject, SkinsContainer, PortalFolder):
    '''
    This tool is used to supply skins to a portal.
    '''

    id = 'portal_skins'
    meta_type = 'CMF Skins Tool'

    security = ClassSecurityInfo()

    manage_options = ( { 'label' : 'Overview', 'action' : 'manage_overview' 
}
                     ,
                     ) + modifiedOptions()

    def __init__(self):
        self.selections = PersistentMapping()

Here's the same section of my tool:

class PostingsTool(UniqueObject, Folder):
    """
        Maintain Squishdot style postings in a Postgresql database.

        Since there is no database connection passed at tool creation, the
        first manual action with the tool must be to set a database 
connection
        via the SQL tab.  All other tabs and methods are likely to fail or 
be
        useless until that is done.
    """
    id = 'postings_tool'
    meta_type = 'SqSQL Postings Tool'

    security = ClassSecurityInfo()

    manage_options = ( {'label':'Moderation',
                        'action':'manage_moderationForm'},
                       {'label':'Postings',
                        'action':'manage_postingsForm'},
                       {'label':'Keywords',
                        'action':'manage_keywordsForm'},
                       {'label':'SQL',
                        'action':'manage_propertiesForm'},
                       {'label':'Debug',
                        'action':'manage_advancedForm'},
                     ) + Folder.manage_options + (
                       { 'label' : 'Help',
                         'action' : 'manage_overview' },)

    def __init__(self):
        self.attachments = PersistentMapping()
        self.connection = None

Can anyone see what I'm doing to get the bogus __roles__?  I'd really
like to release the initial version of this next week :-)  It's in
production use here, but I now remember that I kludged it up in
initial testing by going in with a debugger and bashing __roles__ into
shape.  I know, my bad, I should have debugged the problem back then :-(

Thanks for any help,

Dan Pierson