[Zope] getting a list of authorized objects

[J. Cameron Cooper]

So I have a number of folders (in a CMF site, but that shouldn't matter) 
with various permissions. If I want certain roles to access the folder, 
I give it 'View' and 'Access contents information' permissions, and the 
reverse otherwise.

In Zope 2.3.3, I could do a dtml-in on "objectValues(['Folder'])" with 
skip_unauthorized and it would work passably well. It might not get the 
sequence variables right, but at least things got shown when they should 
have been and not otherwise. Now I'm trying it on Zope 2.4, and no such 
luck. I know that there was some rewriting of the dtml-in rendering 
between these releases (probably the restricted execution arctitecture), 
but whatever happened, it doesn't work like it used to.

Now I get a KeyError on the first attribute of the first unauthorized 
thing that comes up in the list. This is a result of trying to do this 
operation on a "Access contents info" restricted object. It's not 
skipping unauthorized.

So I decided that I'd go and use ZopeFind, but since the folders might 
have local roles, it doesn't really work easily. I've been trying to 
figure out how to find out whether an object is allowed in a 
PythonScript so I can do it myself, but no luck so far.

So either:
1) what's wrong with dtml-in in 2.4.0, and how can I fix it? or
2) how do I get this behaviour otherwise?

        --jcc
      (blast!)