[Zope-CMF] Workflow/discussion tool related permissions problem

[John Morton]

I've been experimenting with dcworkflows, and in the process of testing a 
worklfow I've run into a permissions problem I can't seem to solve. 

The workflow starts in private and allows an owner to publish to a prepublish 
state where a pair of automatic transitions will either move it to visible, 
if the owner possesses the 'Validated Member' role, or to pending if they 
don't. That bit works nicely; my test case with a member without the 
'Validated Member' role resulted in the object ending up in pending. From 
here, a member with the 'Editor' role should be able to chose to reject or 
approve the object, but here's the problem - that user can't access the 
object, because when they do, it throws an Unauthorized exception when trying 
to access here.talkback.hasReplies. The object owner has no such trouble.

Owner and Editor roles both have access content information, modify and view 
permissions on the object in this state, and neither mask the replies related 
permission. As far as I can tell, from browsing the source, the discussions 
tool protects hasReplies and friends with View.

Does anyone have a good strategy for diagnosing permissions problems? I think 
a code fragment that could return the permissions a particular role does have 
in a particular context would been invaluable here.

Thanks,
John