OK. I'm stumped. I'm doing funky tricks here to create an alias
functionality somewhat similar to a transparent folder. In the belief that
brevity begets more possibility for answers, I won't tell you more, but just
get straight to the chase:
Zope 2.5, CMF 1.2 (but I'm using the dev list rather than the ptk or zpt
lists because it has to do with internals more, I think)
During traversal, I have (intentionally) created an acquisition chain like
<pageTemplate> <OBJECT X> <CMF root> <Zope root> <request>
in which <OBJECT X> is an "alien" object inserted after the CMF root. By
alien I mean it is not an actual child of the CMF root, nor the actual
parent of the pageTemplate. The pageTemplate itself is arbitrarily stored
*outside* of the CMF, and also inserted during traversal. <OBJECT X> was
unwrapped (aq_base) and then wrapped __of__(<CMF root>), and the
pageTemplate also unwrapped and then wrapped __of__(<OBJECT X>).
Everything seems mostly fine with this with basic DTML stuff, even so far as
the DTML using CMF skins. However, ZPT pages give me security errors if I
try to use a skin.
I have traced this down, through the
Products.PageTemplates.Expressions.RestrictedTraverse function, through
security validation, to the fact that if the page template asks for an
object like "nocall here/portal_url", and then traverses to get the
portal_url, the portal_url is found but has no __roles__.
__roles__ appear to be deep magic (AccessControl.PermissionRole). I don't
quite understand how this property exists: I figure it must also have
functional elements in the C acquisition code somewhere (which I have not
<OBJECT X> has both __allow_access_to_unprotected_subobjects__ and
security.declareObjectPublic(). I've tried not removing the "real" wrappers
of <OBJECT X> and the page template, to no avail.
Heh. Any ideas?
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -