Thank you for the detailed report. Unfortunately, I am unable
to reproduce your error against the head of the 2.7 branch,
which has the same code in User.py as 2.7.5.
Here is some additional detail about my attempts:
- In step 3, you do not specify the kind of access which
the method makes of its context. Here is the text of
the PythonScript I used
## Script (Python) "m1"
- In step 4, you don't specify whether you are making the
changes to the "Security" tabl of the root folder or of
either '/a' or '/a/b'. I tried both the root folder,
and also '/a' (where I had to clear the "Acquire" field.
- In step 5, you say "Log in as User1"; I don't know how
you mean to do that (User1 has no roles at all on my system).
- I pasted the following URL into a new browser session:
got challenged for HTTP basic auth, entered 'User1' and
the corresponding password, and was able to see the title
of the 'b' subfolder without further challenge.