[Zope] Trying to understand __roles__

[James W. Howe]

In previous e-mails I've described a problem that I've been having with my 
management tabs.  I have a subclass of Folder which is displaying the 
Contents tab even though the currently authenticated user shouldn't have 
access to it.  If my folder defines it's own "manage_main" instead of 
inheriting it from ObjectManager, the Contents tab is not visible to users 
who shouldn't see it.  After spending some time with the debugger, I found 
the following bit of information:

If I inherit manage_main from ObjectManager, when the object representing 
manage_main is asked for its '__roles__', it answers a list of ['Manager', 
'Publisher', 'Manager'].  I don't exactly understand where this information 
comes from, and, more importantly, why it contains my 'Publisher' role.  If 
I define manage_main in my Folder subclass, however, asking manage_main for 
its '__roles__' answers ['Manager'].  This seems like the correct answer to me.

I have the feeling that there is some key concept about Zope and/or Python 
that I'm not getting.  Why does the inherited manage_main have different 
__roles__ than if I define it in my subclass?  How would it have managed to 
pick up a role (Publisher) that hasn't been assigned to it (to the best of 
my knowledge)?  Finally, can someone tell me where I can see how __roles__ 
is implemented?  I can't seem to find it.

Thanks.

James W. Howe				mailto:jwh@allencreek.com
Allen Creek Software, Inc.		pgpkey: http://ic.net/~jwh/pgpkey.html		
Ann Arbor, MI  48103