[Zope] resolve_url and authorization

[Itamar Shtull-Trauring]

Michel Pelletier wrote:

> resolve_url uses the exact same publishing machinery as calling a URL
> through the web; it does _not_ bypass the security machinery.  If you do
> not have enough privledge to access to an object, then you will get an
> Unauthorized, just like when you call it through the web.

Additionally, if the object does not have an index_html, it may acquire it -
so you also have to make sure that the index_html it might acquire is
viewable by the user you're running as.

-- 
Itamar S.T.  itamars@ibm.net