[Zope-dev] Bugs in Zope Membership Component 0.8.0b1

Dirksen dirksen_lau@yahoo.com
Wed, 21 Feb 2001 23:23:36 -0800 (PST)


Hi Bill,

All PythonScripts in ZMC 0.8.0b1 look like a direct port from Python Methods, so I found
some bugs due to the incompatibility between these two versions of scripts.

1. In 'passwordForm', 'import string' should be added.
2. In 'passwordPolicy', 'self' should be omitted in the parameters list.
3. 'register', I think, should be proxy to 'Manager', like the original version.

There's another bug: an anonymous user can access an account's manageMe method! Say if there's
an account 'dummy', anyone can open 'www.dumy.com/test/acl_users/dummy/manageMe'. I think
the permission to view 'manageMe' should be hooked up to that of viewing management
screen. I see that you have made some special arrangements in the 'Define Permission' tab
of 'Portal Member' ZClass definition, but that doesn't seem to protect its instance,
which is a puzzle to me: what's the use of defining permissions in a ZClass definition or
products?

Cheers,
Dirksen
