recently I noticed that methods for retrieving user roles are affected
by the URL from which the user logged in using basic authentication (as
opposed to the location of the user account). I don't see any
authentication-related cookies at all from ZOPE, session or otherwise, just
basic http authorization.
the problem is this: if one authenticates at a location deeper than
their user account, authorization should apply up to the level of the
account. it does - any method requiring authorization is allowed to run
between the point of login and the user account - but when I test with *any*
of these routines between the point of login and the user account it shows
only 'Anonymous' - not the expected roles.
user.has_role( roleName )
visiting /manage or any other objects which require authorization works
between the user account and the point of login - in fact, after rendering
an object which would prompt for authorization if the only role were
*really* Anonymous the roles for that object and ones it contains are fixed
and show the expected results with getRoles() and has_role().
this problem occurred with ZOPE 2.5.0 or 2.5.1, and IE 5.5 or NN 7.0
Grant K Rauscher
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -