Index: openacs-4/packages/xotcl-core/tcl/context-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/context-procs.tcl,v
diff -u -r1.39 -r1.40
--- openacs-4/packages/xotcl-core/tcl/context-procs.tcl	6 Sep 2008 13:02:15 -0000	1.39
+++ openacs-4/packages/xotcl-core/tcl/context-procs.tcl	24 Sep 2008 12:58:44 -0000	1.40
@@ -345,6 +345,7 @@
     if {![info exists party_id]} {
       set party_id [my user_id]
     }
+    # my log "--  context permission user_id=$party_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$party_id == 0} {
       set key permission($object_id,$privilege,$party_id)
       if {[my exists $key]} {return [my set $key]}
@@ -358,7 +359,8 @@
       }
       # The permission is not granted for the public.
       # We force the user to login
-      auth::require_login
+      #my log "-- require login"
+      #auth::require_login
       return 0
     }
 
@@ -369,6 +371,8 @@
                      -party_id $party_id \
                      -object_id $object_id \
                      -privilege $privilege]
+    #my log "--  context return [my set $key]"
+    #my set $key
   }
   
 #   ConnectionContext instproc destroy {} {
Index: openacs-4/packages/xotcl-core/tcl/policy-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/policy-procs.tcl,v
diff -u -r1.15 -r1.16
--- openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	9 Dec 2007 16:45:10 -0000	1.15
+++ openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	24 Sep 2008 12:58:44 -0000	1.16
@@ -14,26 +14,28 @@
     set c [self]::$class
     expr {[my isclass $c] ? [$c array names require_permission] : [list]}
   }
-
+  
   Policy instproc check_privilege {
     {-login true} 
     -user_id:required 
     -package_id 
     privilege object method
   } {
+    #my log "--p [self proc] [self args]"
     if {$privilege eq "nobody"} {
       return 0
     }
     if {$privilege eq "everybody" || $privilege eq "public" || $privilege eq "none"} {
       return 1
     }
 
-    #my log "--login $login user_id=$user_id"
+    #my log "--login $login user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$login && $user_id == 0} {
       #
       # The tests below depend on the user_id.
       # The main reason, we call auth:require_login here is to check for exired logins.
       #
+      #my log "--p [self proc] calls require_login"
       set user_id [auth::require_login]
     }
 
@@ -134,6 +136,7 @@
 
     set permission [my get_permission $object $method]
     #my log "--permission for o=$object, m=$method => $permission"
+    #my log "--     user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$permission ne ""} {
       foreach {kind p} [my get_privilege -query_context $ctx $permission $object $method] break
       #my msg "--privilege = $p kind = $kind"
@@ -166,7 +169,6 @@
     if {![info exists user_id]} {set user_id [::xo::cc user_id]}
     if {![info exists package_id]} {set package_id [::xo::cc package_id]}
 
-    #my log "--p enforce_permissions {$object $method}"
     set allowed 0
     set permission [my get_permission $object $method]
     if {$permission ne ""} {