[Zope] Proxy roles don't propagate? - bizzare permissions from ZDChart too

[Brad Clements]

I'm using LoginManager and the loginForm cookie method for security.

I want my login form to use the same standard_html_header, stylesheet 
and so on as my system.

My hierarchy is

/
   Strader

       StyleSheet
       acl_Users
           loginForm


I've denied anonymous access to Strader and so on, but I want the 
loginForm to be able to load standard_html_header, which in turn 
references a few things in Strader

Anyway, my loginForm has this:

<dtml-with Strader>
<dtml-var standard_html_header>
</dtml-with>

I've given the loginForm a proxy role called "Customer"

Customer has full access to Strader and everything in it.

It looks like standard_html_header is rendered, but when 
standard_html_header calls StyleSheet and other objects in the Strader 
folder, I get the browser login box. Cancelling that shows "access to 
StyleSheet denied".

Its as if the proxy role assigned to loginForm is discarded by 
standard_html_header, even though I didn't assign 
standard_html_header any proxy roles.

Is this a bug, or by design?

--

Also, I see that I have some very strange permissions in my list, looks 
like an installed product goofed.

I see this single character permissions.

A C D G Z a d h r s t

Ahh.. Looks like ZGDChart hasn't used a tuple where it should... 

Brad Clements,                bkc@murkworks.com   (315)268-1000
http://www.murkworks.com                          (315)268-9812 Fax
netmeeting: ils://ils.murkworks.com               AOL-IM: BKClements