[Zope] manage_addFolder unusable from DTML-call?

Kyler B. Laird laird@ecn.purdue.edu
Sun, 26 Nov 2000 09:22:44 EST 

I have a simple DTML method:
	<dtml-var standard_html_header>
	<h2><dtml-var title_or_id> <dtml-var document_title></h2>
	<p>
	This is the <dtml-var document_id> Document 
	in the <dtml-var title_and_id> Folder.
	</p>
	<p>
	Welcome, <dtml-var AUTHENTICATED_USER>!
	You have these roles: <dtml-var "_.string.join(REQUEST.AUTHENTICATED_USER.getRoles(), ', ')">.
	</p>
	<dtml-call "manage_addFolder('Folder', 'my new folder')">
	<p>
	I created a folder!
	</p>
	<dtml-var standard_html_footer>
It requires "Manager" to view.  When I run it with 
the <dtml-call> commented out, it correctly returns 
my role as "Manager".

I can go through the management interface to create
and destroy folders, but as soon as I view this
method, (it tries to reauthenticate me and) I get:
  Zope Error

  Zope has encountered an error while publishing this resource. 

  Unauthorized

  You are not authorized to access manage_addFolder. 

  Traceback (innermost last):
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 222, in publish_module
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 187, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 171, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/mapply.py, line 160, in mapply
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 112, in call_object
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 172, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_Util.py, line 331, in eval
      (Object: manage_addFolder('Folder', 'my new folder'))
      (Info: manage_addFolder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 194, in validate
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/SecurityManager.py, line 139, in validate
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 183, in validate
  Unauthorized: (see above)

	
I expected trouble when trying to use proxy roles for
this, but it seems like running as a Manager should
be simple.

I see a similar DTML method in use in a message from 
early October.  Am I missing something or did the
security model change get me?

Thank you.

--kyler