[Zope-CMF] [Warning] CMF upgrade made login impossible

Dieter Maurer dieter@handshake.de
Wed, 9 Jan 2002 13:59:50 +0100


Yesterday, I upgraded to the current CVS version of CMF.
Today, I recognized that I were no longer able to login.

The analysis revealed:

  "RegistrationTool.RegistrationTool.setProperties" is called in
  "logged_in" in order to set the time of last login.
  The method is protected by "SetOwnProperties".

  Apparently, the default roles for "SetOwnProperties" have
  been "Manager, Member". But after the upgrade, they are now
  only "Manager,". Of course, a normal member is now no
  longer able to login, because the call to "setProperties"
  raises an "Unauthorized" exception that is redirected to
  the login form again.

This problem was very nasty to analyse, as the error page was replaced
by the login form :(

Fortunately, the work around was easy. Map "Set own properties" to
"Member" in the security tab.

"SetOwnPassword" and several other registration permissions got
changed their default roles in a similar way. They may exhibit similar
problems.


Dieter