[Zope] Authentication in 2.0.0b1

[Jens Vagelpohl]

hi everyone,

this question has come up a few times in different guises over the 
last few days and no one had any answer yet. i would like to clarify 
my setup and my problem a little more, this might help troubleshoot 
the cause. 

It all works fine under alpha3. upgrading to beta1 was done by 
installing beta1 in a separate directory and then just copying over 
the working Data.fs.

The privileged user is called "change" and can "view", "access 
contents" and "use database methods".

Here is the site setup:

<Parent dir>     (in acl_users: change, everything is publicly 
accessible)
 |
 | <SQL_Method>
 | <DTML_Method> (calls SQL_Method)
 | <page_html>   (has form which calls DTML_Method)
 |
 |---<Privileged dir>  (in acl_users: change, only "change" and 
"manager" can go here)
      |
      | <page_html>   (same form as in parent, just "replicated" to 
inherit one folder attribute)
                      (it calls same DTML_Method from parent dir)

As you can see, both the privileged directory and the parent directory are 
aware of user "change". however, when i use <page_html> in the privileged 
area i am getting a "not authorized" error when the <DTML_Method> is 
trying to call <SQL_Method>. 

Using <page_html> as non-authenticated anonymous user in <parent dir> 
works fine.

Anyone have an idea?

Jens Vagelpohl