Hi,<div>I recently moved my webapp from z3.3.1 tarball to all eggs. It's working great except for my</div><div>securitypolicy, which seems to sort of half-work. For example, earlier an authenticated member</div><div>could view
<a href="http://myhost/mysite/@@footest.html">http://myhost/mysite/@@footest.html</a> with and without the "@@" but now it's only viewable</div><div>with them. It's hard to pinpoint what does work and what doesn't but for authenticated users, most
</div><div>actions will redirect (but shouldn't) to the loginform. Security checks for unauthenticated users seem to work as </div><div>before without problems (they can have the foo.Visitor role defined in my roles.zcml
).</div><div><br class="webkit-block-placeholder"></div><div>In my tarball version I've setup authentication and user management pretty much like in the latest </div><div>Worldcookery book. I.e, security settings in my package's
roles.zcml and permissions.zcml, and</div><div>a grant of the "foo.Visitor" role the zope.anybody principal in etc/principals.zcml.</div><div><br class="webkit-block-placeholder"></div><div>In my sandbox the grant of the old etc/principals.zcml was put at the end in
site.zcml. At first I got</div><div>a deprecation warning on zope.app.securitypolicy but it was easily solved by using </div><div>zope.securitypolicy instead. I later, of course, updated configuration.zcml and setup.py to use
</div><div>zope.securitypolicy instead (with file="meta.zcml"). Another deprecation I got was for zope.configuration:</div><div><br class="webkit-block-placeholder"></div><div><div>SNIP.../buildout-eggs/zope.configuration-
3.4.0-py2.4.egg/zope/configuration/config.py:197: DeprecationWarning: ZopeSecurityPolicy is deprecated. It has moved to zope.securitypolicy.zopepolicy This reference will be removed somedays</div><div> obj = getattr(mod, oname)
</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div>Not sure if this is what's causing my authenticated users to fail on accessing stuff that should</div><div>be accessible. I'm kind of stumped because don't really know what to do :)
</div><div><br> </div><div>Let me know if you need any more info</div><div><br class="webkit-block-placeholder"></div><div>/Jesper</div><div><br class="webkit-block-placeholder"></div><div>BTW, here's how i setup my sandbox:
</div><div>$ python virtualenv env</div><div>$ cd env</div><div><div><div>$ ./bin/easy_install zopeproject</div><div>$ ./bin/easy_install zc.buildout</div><div>$ ./bin/zopeproject --no-buildout Hello</div><div>$ cd Hello</div>
<div>$ (Add the package index and comment out find-links):</div><div> #find-links = <a href="http://download.zope.org/distribution/">http://download.zope.org/distribution/</a></div><div> index = <a href="http://download.zope.org/zope3.4">
http://download.zope.org/zope3.4</a></div><div>$ ../bin/buildout bootstrap</div><div>$ ./bin/buildout</div><div><br class="webkit-block-placeholder"></div><div>I also tried it with letting zopeproject handle the buildout and using the default find-links in
</div><div>buildout.cfg but I end up with the same problems</div></div></div></div>