Index: openacs-4/packages/xotcl-core/tcl/policy-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/policy-procs.tcl,v
diff -u -r1.15 -r1.15.2.1
--- openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	9 Dec 2007 16:45:10 -0000	1.15
+++ openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	21 Nov 2008 13:26:33 -0000	1.15.2.1
@@ -14,26 +14,28 @@
     set c [self]::$class
     expr {[my isclass $c] ? [$c array names require_permission] : [list]}
   }
-
+  
   Policy instproc check_privilege {
     {-login true} 
     -user_id:required 
     -package_id 
     privilege object method
   } {
+    #my log "--p [self proc] [self args]"
     if {$privilege eq "nobody"} {
       return 0
     }
     if {$privilege eq "everybody" || $privilege eq "public" || $privilege eq "none"} {
       return 1
     }
 
-    #my log "--login $login user_id=$user_id"
+    #my log "--login $login user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$login && $user_id == 0} {
       #
       # The tests below depend on the user_id.
       # The main reason, we call auth:require_login here is to check for exired logins.
       #
+      #my log "--p [self proc] calls require_login"
       set user_id [auth::require_login]
     }
 
@@ -134,10 +136,11 @@
 
     set permission [my get_permission $object $method]
     #my log "--permission for o=$object, m=$method => $permission"
+    #my log "--     user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$permission ne ""} {
       foreach {kind p} [my get_privilege -query_context $ctx $permission $object $method] break
       #my msg "--privilege = $p kind = $kind"
-      switch $kind {
+      switch -- $kind {
 	primitive {return [my check_privilege -login false \
 			       -package_id $package_id -user_id $user_id \
 			       $p $object $method]}
@@ -166,12 +169,11 @@
     if {![info exists user_id]} {set user_id [::xo::cc user_id]}
     if {![info exists package_id]} {set package_id [::xo::cc package_id]}
 
-    #my log "--p enforce_permissions {$object $method}"
     set allowed 0
     set permission [my get_permission $object $method]
     if {$permission ne ""} {
       foreach {kind p} [my get_privilege $permission $object $method] break
-      switch $kind {
+      switch -- $kind {
 	primitive {
 	  set allowed [my check_privilege \
 			   -user_id $user_id -package_id $package_id \