allow access to image scales in an edge case

svn path=/plone.namedfile/trunk/; revision=51654

docs/HISTORY.txt

@@ -4,6 +4,10 @@ Changelog
 1.0.4 - unreleased
 ------------------
 
+* Make sure image scales of allowed attributes can be accessed on disallowed
+  containers.
+  [davisagli]
+
 * Add unit tests for safe_filename, since not exercised within this module.
   (should be moved to plone.formwidget.namedfile?)
   [lentinj]

plone/namedfile/scaling.py

@@ -20,6 +20,10 @@
 class ImageScale(BrowserView):
     """ view used for rendering image scales """
 
+    # Grant full access to this view even if the object being viewed is protected
+    # (it's okay because we explicitly validate access to the image attribute
+    # when we retrieve it)
+    __roles__ = ('Anonymous',)
     __allow_access_to_unprotected_subobjects__ = 1
 
     def __init__(self, context, request, **info):