[Zope3-dev] Security: Do not compare symbolic constants with persistent data using "is"

Steve Alexander steve@cat-box.net
Sat, 16 Feb 2002 22:07:16 +0000


I've just debugged a tricky problem with the ZopeSecurityPolicy.

The problem was that I was getting spurious Forbidden errors. These 
would go away when I "refreshed" the role-permissions mapping on a 
folder on the acquisition path by saving it in exactly the state it was 
in before.

The problem is that Settings.Allow and Deny are checked by identity 
rather than equality in ZopeSecurityPolicy.

When a string has been pickled and then unpickled, it may be a different 
object, and thus must be compared by equality.

The same mistake may have been made elsewhere.

I'll check in a fix to ZopeSecurityPolicy, but then I need to go to the 
pub and relax! :-)

--
Steve Alexander
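
The failure described in the message above, as an added example that is not part of the original post and is not Zope's code: the constants, function names and the sample role/permission mapping are assumptions made for illustration. It relies on CPython returning a new string object from unpickling, which is the behaviour the message describes.

```python
import pickle

# Hypothetical stand-ins for the Allow/Deny settings named in the message.
ALLOW = "Allow"
DENY = "Deny"

def decide_by_identity(mapping, role, permission):
    """Buggy form: assumes the stored setting is the very same object."""
    setting = mapping.get((role, permission))
    if setting is ALLOW:
        return True
    if setting is DENY:
        return False
    return None  # setting not recognised: no decision at this level

def decide_by_equality(mapping, role, permission):
    """Fixed form: compares the stored value, not the object."""
    setting = mapping.get((role, permission))
    if setting == ALLOW:
        return True
    if setting == DENY:
        return False
    return None

def load_from_storage(mapping):
    """Simulate persistence: pickle the mapping and read it back."""
    return pickle.loads(pickle.dumps(mapping))

def resave(mapping):
    """Simulate re-saving from a form: values are rebuilt from the constants."""
    return {key: ALLOW if value == ALLOW else DENY for key, value in mapping.items()}

def demo():
    # Constructed sample mapping of (role, permission) -> setting.
    fresh = {("Manager", "View"): ALLOW, ("Anonymous", "Edit"): DENY}
    stored = load_from_storage(fresh)
    return {
        "fresh_allow_is": decide_by_identity(fresh, "Manager", "View"),
        "stored_allow_is": decide_by_identity(stored, "Manager", "View"),
        "stored_deny_is": decide_by_identity(stored, "Anonymous", "Edit"),
        "stored_allow_eq": decide_by_equality(stored, "Manager", "View"),
        "stored_deny_eq": decide_by_equality(stored, "Anonymous", "Edit"),
        "resaved_allow_is": decide_by_identity(resave(stored), "Manager", "View"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the identity check, a stored Deny goes unrecognised in the same way as a stored Allow, so both settings need the equality comparison.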