workflow script proxy role does not apply

FWIW, I chatted about this in IRC with r33t and it does appear to be some sort of bug. The same configuration works in 2.7.3 and 2.7.4 but does not work in 2.7.5 and 2.7.6.

The suspicious things in changes.txt for 2.7.5 are:

 - AccessControl/User.py: _check_context() has not been called
   for authenticated users
- guarded_getattr: Restored ability to aquire "through" unprotected
 contexts, broken through overzealous cleanup in Zope 2.7.3.

Note that we did confirm that the owner of the script existed (we took ownership of the object via another just-created account).

Tres says that this patch may be the culprit...

http://cvs.zope.org/Zope/lib/python/AccessControl/Attic/User.py.diff?r1=1.176.14.7&r2=1.176.14.8

Zero help in the checkin message for why it was introduced.

See also
http://mail.zope.org/pipermail/zope-cmf/2005-April/022152.html
that reported the problem in the list but never opened a bug.

The change in User.py was done based on this:

http://mail.zope.org/pipermail/zope/2005-March/157419.html

I tried to reproduce this error with Zope 2.7.6, Plone 2.0.5 and PloneCollectorNG where I have some workflow scripts with 'Manager'
as proxy role to send out notification email (required
when anonymous users file new issues). Unfortunately I could not
reproduce this behaviour with my setup.

So the first step to nail this down would be to write
a unittest that shows the described behaviour.

Uploaded: test_wfbug.py

I finally managed to produce a test case which demonstrates the problem.

The critical thing seems to be that the View permission at the point when the script is invoked must not be inherited.

If you run this test file (in a directory such as CMFPlone/tests) then on my system it comes up with:
Unauthorized: You are not allowed to access 'object' in this context

Either commenting out the line which assigns proxy role to the script or commenting out the sdef.setPermission line will allow the test to pass.

Can't you provide something that runs with a bare Zope or at least a bare CMF instance?

I expect so, but I'm not going to be around much for the next few weeks, so don't expect it until sometime in September.

We have the same problem running:
Zope 2.7.7-final, python 2.3.5, linux2, Plone 2.0.5, CMF1.4.7 and have previously applied the User.py patch. The workaround provided by Duncan Booth does work but has meant that anything which calls any of the exceptions (ObjectMoved, ObjectDeleted) need to reside in the unproxied script.

Is the matter directly tied to CMF1.4.7 patched with User.py patch, i.e. upgrading to Plone 2.1 and later CMF will resolve the issue?

There's a test attached here, which should be confirmation enough.

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.