[Zope] exUserFolder, non Manager - but with permissions

Dieter Maurer dieter@handshake.de
Wed, 31 Oct 2001 22:07:32 +0100

Heimo Laukkanen writes:
 > I have updated to newest exUserFolder, but stumbled to a new problem. =
 > have created user with all the permissions, but I am still unable to
 > edit users unless I give the Manager-role to the user.
 > Is this a similar problem with acquisition as in:
 > http://groups.yahoo.com/group/zope/message/75023
 > I browsed through the code of exUserFolder.py and didn't see if it
 > inherits Acquisition.Implicit - it is though imported.
 > class exUserFolder(Folder,BasicUserFolder,CopyContainer):
Because "Folder" inherits "Acquisition.Implicit", this
is a different problem (but one that has occured already earlier
--> mailing list archives).

  Some methods are not protected by a permission but
  directly by roles (probably a bug).
  User management of Zope=B4s basic user folder was affected.

  My "DocFinder" product has been able to detect such
  methods (it would say "explicit 'Manager'" in the
  permission column). Unfortunately, it no longer
  works with the new permission management implemented
  in "C" -- at least not yet.
  Not sure, whether it still works for your Zope installation.
  Maybe, you try it out


  If it is this problem, then you need to provide
  a permission declaration for the respective function...