UserPropertySheet has no security context

Bug #257717 reported by Titus Anderson
Affects: Zope PAS
Status: Won't Fix
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

Since the UserPropertySheet class doesn't have a security context, it is impossible to call the methods on a property sheet from within a TALES expression, particularly within the Dynamic Groups Plugin. The fix is simple enough: create a ClassSecurityInfo object, declare all the methods as public, and initialize the class. A patch is attached.

Wichert Akkerman (wichert) wrote:

Why do you want to access the sheet from a template? I see two issues here: you should not be doing complex logic in a template but in a browser view, and the PropertiedUser class should provide all the required interface already.

Wichert Akkerman (wichert) wrote:

In addition I don't think making all properties public is a correct thing to do. Properties contain personal information and should be protected accordingly.

Titus Anderson (flew2bits) wrote:

I want to use the TALES expression with the Dynamic Groups Plugin for PAS. I need to access a single attribute from an LDAP property sheet to determine if a user should be in a group. Also, I agree that all the properties shouldn't be public. I wasn't really thinking about it when I wrote the patch -- I was just trying to get it to work.

Titus Anderson (flew2bits) wrote:

Since the patch as is is essentially useless, I deleted it, as the implementation is quite simple.

Tres Seaver (tseaver) wrote:

The "missing security context" is not due to the lack of a ClassSecurityInfo declaration for UserPropertySheet, but to the fact that UPS instances are returned without an acquisition context (in fact, they are not even capable of acquisition). Because the UPS does not know its containment path, the security policy cannot verify that the user is from a user folder in the containing scope.

I'm afraid we won't be able to fix this issue unless somebody does some non-trivial work to make the UPS instances suitable for TTW use: at the moment, they cannot be used except by trusted / filesystem code.

Changed in zope-pas:
importance: Undecided → Wishlist
status: New → Triaged

Tres Seaver (tseaver)
Changed in zope-pas:
status: Triaged → Won't Fix