Comment 1 for bug 143376

Tres Seaver (tseaver) wrote :

Thank you for the detailed report. Unfortunately, I am unable
to reproduce your error against the head of the 2.7 branch,
which has the same code in User.py as 2.7.5.

Here is some additional detail about my attempts:

  - In step 3, you do not specify the kind of access which
    the method makes of its context. Here is the text of
    the PythonScript I used
    (http://localhost:8080/m1/document_src)::

      ## Script (Python) "m1"
      ##bind container=container
      ##bind context=context
      ##bind namespace=
      ##bind script=script
      ##bind subpath=traverse_subpath
      ##parameters=
      ##title=
      ##
      return context.title_or_id()

  - In step 4, you don't specify whether you are making the
    changes to the "Security" tabl of the root folder or of
    either '/a' or '/a/b'. I tried both the root folder,
    and also '/a' (where I had to clear the "Acquire" field.

  - In step 5, you say "Log in as User1"; I don't know how
    you mean to do that (User1 has no roles at all on my system).

  - I pasted the following URL into a new browser session:

      http://localhost:8080/a/b/m1

    got challenged for HTTP basic auth, entered 'User1' and
    the corresponding password, and was able to see the title
    of the 'b' subfolder without further challenge.