[Zope] Help : changeOwnership
Dieter Maurer
dieter@handshake.de
Sat, 7 Dec 2002 00:13:15 +0100
Pascal Romon writes:
> Could someone help me understanding how to change ownership of an
> object ?
> I've looked through the lists and docs to no avail :-(
> [ Let me point out that I am a newbie ... ]
>
> Problem (obvious) : objects created by manager are owned by manager.
> I want to relinquish ownership to a given user.
>
> Solutions (not working) : I seen some scripts using changeOwnership BUT
> 1) some scripts use a __of__ method that my Zope does not accept
> (eg a cool chown script
> http://www.zope.org/Members/vernier/Debian/CMF_Creator )
> 2) others are accepted by Zope, like -- stupid --
> changeOwnership(username)
> but upon execution of /.../object/chown?username=blahblah
> I get after typing in the identity & password
> "You are not authorized to access this resource.
> Username and password are not correct. "
> (either as manager or as the user involved).
>
> What's going on ?
Ownership has two facets in Zope:
* the "Owner" local role
It controls the special permissions granted to the objects
"owners" (their can be more than one).
You use "AccessControl.Role.RoleManager.manage_setLocalRoles"
* the ownership, describing the user that created the object
This is a Trojan horse protection. It is relevant only for
executable objects.
The effective roles when executing the object is the intersection
between the current users roles and the roles of the object's
owner (as given by the "ownership").
Thus, a low priviledged user cannot create a Trojan horse
object that when executed by a high priviledged user does
things the low priviledged user could not.
You change ownership with "AccessControl.Owned.Owned.changeOwnership".
Its argument is a user object, not a username.
Dieter