[Zope-dev] 2.2.1 changes tighten security?
Bill Anderson
bill@libc.org
Wed, 30 Aug 2000 22:01:11 -0600
Working on a new release of Membership, I have encountered a problem.
Doing the development in 2.2.1, I cant seem to access my roles managemenu UI as Manager.
For those who haven't seen it, her eit is:
<dtml-in ShowUsers>
<dtml-call "REQUEST.set('user',_['sequence-item'][0])">
<form action="/acl_users/manageRolesForUser" method=POST>
<br> <dtml-var user> <dtml-var "user.roles">
<input type=hidden name=user value="<dtml-var user>">
<input type=submit name=submit value="Manage Roles">
</form>
</dtml-in>
Where ShowUsers is a python mehtod that returns a list of user objects.
The traceback indictaes the problem lies in accessing "user.roles". roles is on the Restricted Property sheet, which
requires you have the 'Manage users" role. Of course, as manager, I expect I have it. :)
This worked fine in 2.2.0, and was wondering if anyone knew what changes would bring this behaviour out, and how to fix
it off hand.
TIA, Bill
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.