[ZPatterns] Can't set proxy roles for SkinScript

[Roché Compaan]

> Does anyone know when 'hasRole' was deprecated? How should we modify  
> Proxy.py to make it backward compatible? Or should we just march onward  
> and not worry? ;-)

I think since Zope 2.5.0, so march onward. Maybe just add tag on the HEAD
in case somebody is still running on older Zope distributions.

> 
> > BTW, I'm not using LoginManager in this application, I got bitten by  
> > it too many times - so this problem is not LM related.
> 
> LoginManager can be subtle ;-). I like it, mostly because it's so durn  
> flexible, but that can also make it's operation delicate.

It is indeed very flexible but there is one issue that is unresolved
that really bites me when I run unit tests. I found that the
AUTHENTICATED_USER object returned by a LoginManager loses its
datamanager when you either have subtransactions or multiple
transactions in a single request. What seems to happen is this:

The AUTHENTICATED_USER is computed and set on the REQUEST and it remains
there until the RESPONSE is published. The problem comes in when you
abort a transaction and start a new one.  The persistence framework
calls __setstate__ on the AUTHENTICATED_USER when the transaction starts
and the state is retrieved with __getstate__.  __getstate__ omits all
attributes that start with '_v_' and '_p_', so '_v_dm_' and '_v_parent'
gets lost. Since the AUTHENTICATED_USER is already set on the REQUEST
when the next transaction starts no call is made to LoginManager when
the AUTHENTICATED_USER is referenced.  This is my theory anyway. Maybe
somebody with more experience of transactions and persistence can say if
this is likely.

I initially thought that all dataskins forget about their datamanagers
when using subtransactions but this does not seem to be the case.

-- 
Roché Compaan
Upfront Systems                 http://www.upfrontsystems.co.za