[Zope] exUserFolder, non Manager - but with permissions
Wed, 31 Oct 2001 22:07:32 +0100
Heimo Laukkanen writes:
> I have updated to newest exUserFolder, but stumbled to a new problem. =
> have created user with all the permissions, but I am still unable to
> edit users unless I give the Manager-role to the user.
> Is this a similar problem with acquisition as in:
> I browsed through the code of exUserFolder.py and didn't see if it
> inherits Acquisition.Implicit - it is though imported.
> class exUserFolder(Folder,BasicUserFolder,CopyContainer):
Because "Folder" inherits "Acquisition.Implicit", this
is a different problem (but one that has occured already earlier
--> mailing list archives).
Some methods are not protected by a permission but
directly by roles (probably a bug).
User management of Zope=B4s basic user folder was affected.
My "DocFinder" product has been able to detect such
methods (it would say "explicit 'Manager'" in the
permission column). Unfortunately, it no longer
works with the new permission management implemented
in "C" -- at least not yet.
Not sure, whether it still works for your Zope installation.
Maybe, you try it out
If it is this problem, then you need to provide
a permission declaration for the respective function...