[Zope-dev] Problem with security context when calling DTML Method

[Vladimir Mozhaev]

Hi!

I'm writing a proprietary set of python classes for my product. As part of
this product, there is a base class with redefined index_html method. This
method looks for some object (practically, DTML Method) in it's context with
predefined id and tries to call it.

The problem is that my object loses security context, and DTML Method is
called under Anonymous User priveleges:

    security.declareProtected(View, 'index_html')
    def index_html(self, client=None, REQUEST={}, RESPONSE=None, **kw):
        """ """
        if client is None:
                client=self
        index=getattr(client, self._template_id, None)
        if index is None:
            if RESPONSE: RESPONSE.notFoundError(self.absolute_url())
            else: raise
        security=getSecurityManager()
        security.addContext(index)
        return apply(index.__call__, (client, REQUEST, RESPONSE), kw)

Is anybody can to point out my mistake?

Best regards,
Vlad Mozhaev