[Zope] Calling script from script inside protected folder

Dmitry Litovchenko deadq@bkzebra.com
Wed, 16 Oct 2002 05:18:57 +0300


I have Player role in my site, and Member folder, protected by the 
following permissions:

View
[ ]Acquire
[ ]Anonymous [x]Authenticated [x]Manager [x]Owner [x]Player

Everything behaves like expected but if being Player (having roles 
"Authenticated" and "Player" only) I am call Python Script from another 
Python Script (both are located inside this protected folder), my 
browser pops up Login Dialog and everything works only if I authenticate 
myself as Manager or if I allow Anonymous to "View" this Python Script.

Call looks like:

user = context.Member.get_userdata()

First thoughts were that I am not passing REQUEST or another security 
related token to second script (get_userdata in this case). If I get 
inside there (allowing Anonymous to View it), I am still having "Player" 
role and none of security tokens lost, but I can't even access this 
second script if it hasn't "Anonymous" View permission.

Please tell me where I am wrong. This is black voodoo compared in 
complexity with manual sendmail setup. URLs on Zope Security model 
overview may also help.

--
Dmitry