- Fixed Collector #2190: Calls to

        zope.security.management.checkPermission aren't rerouted to
        Zope 2's security policy.

        NOTE: If you already have a Zope 2.10 instance running, you
        will either have to recreate it or add the following lines to
        the end of the etc/site.zcml file::

          <securityPolicy
                component="Products.Five.security.FiveSecurityPolicy" />

-This line, and those below, will be ignored--

M    doc/CHANGES.txt
_M   lib/python/Products
M    lib/python/ZPublisher/Publish.py
M    skel/etc/site.zcml

doc/CHANGES.txt

@@ -8,6 +8,17 @@ Zope Changes
 
     Bugs fixed
 
+      - Fixed Collector #2190: Calls to
+        zope.security.management.checkPermission aren't rerouted to
+        Zope 2's security policy.
+
+        NOTE: If you already have a Zope 2.10 instance running, you
+        will either have to recreate it or add the following lines to
+        the end of the etc/site.zcml file::
+
+          <securityPolicy
+                component="Products.Five.security.FiveSecurityPolicy" />
+
       - Fixed Collector #2223: Evaluation of booleans in TALES and the
         'default' variable.
 
@@ -17,23 +28,27 @@ Zope Changes
 
       - added Python 2.4.4 as optimal Python version to 'configure'
 
-      - the ZopePageTemplate implementation now uses unicode internally.
-        Non-unicode instances are migrated on-the-fly to unicode. However this
-        will work only properly for ZPT instances formerly encoded as utf-8 or
-        ISO-8859-15. For other encodings you might set the environment variable
-        ZPT_REFERRED_ENCODING to insert your preferred encoding in front of utf-8 and
-        ISO-8859-15 within the encoding sniffer code. In addition there is a new
-        'output_encodings' property that controls the conversion from/to unicode
-        for WebDAV/FTP operations.
-
-      - the ZPT implementation has now a configurable option in order how to deal 
-        with UnicodeDecodeErrors. A custom UnicodeEncodingConflictResolver can
-        be configured through ZCML (see Products/PageTemplates/(configure.zcml,
+      - the ZopePageTemplate implementation now uses unicode
+        internally.  Non-unicode instances are migrated on-the-fly to
+        unicode. However this will work only properly for ZPT
+        instances formerly encoded as utf-8 or ISO-8859-15. For other
+        encodings you might set the environment variable
+        ZPT_REFERRED_ENCODING to insert your preferred encoding in
+        front of utf-8 and ISO-8859-15 within the encoding sniffer
+        code. In addition there is a new 'output_encodings' property
+        that controls the conversion from/to unicode for WebDAV/FTP
+        operations.
+
+      - the ZPT implementation has now a configurable option in order
+        how to deal with UnicodeDecodeErrors. A custom
+        UnicodeEncodingConflictResolver can be configured through ZCML
+        (see Products/PageTemplates/(configure.zcml,
         unicodeconflictresolver.py, interfaces.py)
 
-      - the ZPT implementation has now a configurable option in order how to deal 
-        with UnicodeDecodeErrors. A custom UnicodeEncodingConflictResolver can
-        be configured through ZCML (see Products/PageTemplates/(configure.zcml,
+      - the ZPT implementation has now a configurable option in order
+        how to deal with UnicodeDecodeErrors. A custom
+        UnicodeEncodingConflictResolver can be configured through ZCML
+        (see Products/PageTemplates/(configure.zcml,
         unicodeconflictresolver.py, interfaces.py)
 
   Zope 2.10.1 (2006-11-22)

lib/python/ZPublisher/Publish.py

@@ -22,6 +22,7 @@ from maybe_lock import allocate_lock
 from mapply import mapply
 from zExceptions import Redirect
 from zope.publisher.browser import setDefaultSkin
+from zope.security.management import newInteraction, endInteraction
 
 class Retry(Exception):
     """Raise this to retry a request
@@ -74,6 +75,9 @@ def publish(request, module_name, after_list, debug=0,
     response=None
 
     try:
+        # TODO pass request here once BaseRequest implements IParticipation
+        newInteraction()
+
         request.processInputs()
 
         request_get=request.get
@@ -119,6 +123,7 @@ def publish(request, module_name, after_list, debug=0,
 
         if transactions_manager:
             transactions_manager.commit()
+        endInteraction()
 
         return response
     except:
@@ -154,6 +159,7 @@ def publish(request, module_name, after_list, debug=0,
             finally:
                 if transactions_manager:
                     transactions_manager.abort()
+                endInteraction()
 
             # Only reachable if Retry is raised and request supports retry.
             newrequest=request.retry()
@@ -168,6 +174,7 @@ def publish(request, module_name, after_list, debug=0,
         else:
             if transactions_manager:
                 transactions_manager.abort()
+            endInteraction()
             raise
 
 

skel/etc/site.zcml

@@ -2,25 +2,25 @@
 	       xmlns:meta="http://namespaces.zope.org/meta"
            xmlns:five="http://namespaces.zope.org/five">
 
+  <meta:provides feature="devmode" />
+
   <include package="Products.Five" />
   <meta:redefinePermission from="zope2.Public" to="zope.Public" />
 
 
   <!-- Load the meta -->
-
   <include files="package-includes/*-meta.zcml" />
   <five:loadProducts file="meta.zcml"/>
 
-
   <!-- Load the configuration -->
-
   <include files="package-includes/*-configure.zcml" />
   <five:loadProducts />
 
-
   <!-- Load the configuration overrides-->
-
-  <includeOverrides files="package-includes/*-overrides.zcml" />
   <five:loadProductsOverrides />
 
+
+  <securityPolicy
+      component="Products.Five.security.FiveSecurityPolicy" />
+
 </configure>