Authentication error viewing ZMI with a user defined outside of zope root #1195

Closed
perrinjerome opened this issue Feb 17, 2024 · 0 comments · Fixed by #1196

BUG/PROBLEM REPORT / FEATURE REQUEST

manage_page_header makes a head like this:

	<!doctype html>
	<html lang="en">
	<head>
	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
	<title>Zope</title>
	<link rel="stylesheet" type="text/css" href="/++resource++zmi/bootstrap-4.6.0/bootstrap.min.css" />
	<link rel="stylesheet" type="text/css" href="/++resource++zmi/fontawesome-free-5.15.2/css/all.css" />
	<link rel="stylesheet" type="text/css" href="/++resource++zmi/zmi_base.css" />
	<script src="/++resource++zmi/jquery-3.5.1.min.js"></script>
	<script src="/++resource++zmi/bootstrap-4.6.0/bootstrap.bundle.min.js"></script>
	<script src="/++resource++zmi/ace.ajax.org/ace.js"></script>
	<script src="/++resource++zmi/zmi_base.js"></script>

Since the "Restrict access to static ZMI resources." changes from ce5288a (Update ACE editor 1.4.4 to 1.5.0 (#1166), 2023-10-11), the links for ZMI require the View management screens permission.

Because the link is like this:

	<script src="/++resource++zmi/jquery-3.5.1.min.js"></script>

in practice they require the View management screens permission at the root of Zope.

What I did:

  1. create a folder subfolder
  2. create a user folder in that folder
  3. create a user u with manager role in /subfolder/acl_users
  4. login as u and visit /subfolder/manage_main

What I expect to happen:

view management screens

What actually happened:

401 error while getting CSS and JavaScript

What version of Python and Zope/Addons I am using:

This started from 5.9 and is still the case on current master.

I'll send a pull request. I think we can change the link generation logic to include the authentication path from the user. In the example case the link would be:

	<script src="/subfolder/++resource++zmi/jquery-3.5.1.min.js"></script>
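
The behaviour reported above, reduced to a small Python model. This is an added example, not code from the issue or from Zope: the `USER_FOLDERS` layout, the `Manager` role standing in for the View management screens permission, and all function names are assumptions for illustration.

```python
import posixpath

# Constructed sample site: user folders keyed by the container that holds acl_users.
USER_FOLDERS = {
    "/": {"admin": {"Manager"}},
    "/subfolder": {"u": {"Manager"}},
}
REQUIRED_ROLE = "Manager"  # assumption: stands in for "View management screens"
RESOURCE = "++resource++zmi"


def containers_for(url_path):
    """Containers traversed before the ++resource++ step, deepest first."""
    segments = []
    for seg in url_path.strip("/").split("/"):
        if seg.startswith("++resource++"):
            break
        segments.append(seg)
    paths = ["/" + "/".join(segments[:i]) for i in range(len(segments), 0, -1)]
    return paths + ["/"]


def status_for(url_path, login):
    """200 if a user folder on the traversed path grants the role to login, else 401."""
    for container in containers_for(url_path):
        roles = USER_FOLDERS.get(container, {}).get(login, set())
        if REQUIRED_ROLE in roles:
            return 200
    return 401


def resource_url(name, auth_path="/"):
    """Build a resource link under the container that holds the user's acl_users."""
    return posixpath.join(auth_path, RESOURCE, name)


if __name__ == "__main__":
    name = "jquery-3.5.1.min.js"
    root_link = resource_url(name)                 # link as generated today
    scoped_link = resource_url(name, "/subfolder")  # link with the authentication path
    for link in (root_link, scoped_link):
        for login in ("u", "admin", "nobody"):
            print(link, login, status_for(link, login))
```

The root-level link never traverses `/subfolder/acl_users`, so `u` cannot be validated there, while the scoped link still denies a login that no user folder on the path knows.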