Pascal Romon writes:
Could someone help me understanding how to change ownership of an object ? I've looked through the lists and docs to no avail :-( [ Let me point out that I am a newbie ... ]
Problem (obvious) : objects created by manager are owned by manager. I want to relinquish ownership to a given user.
Solutions (not working) : I seen some scripts using changeOwnership BUT 1) some scripts use a __of__ method that my Zope does not accept (eg a cool chown script http://www.zope.org/Members/vernier/Debian/CMF_Creator ) 2) others are accepted by Zope, like -- stupid -- changeOwnership(username) but upon execution of /.../object/chown?username=blahblah I get after typing in the identity & password "You are not authorized to access this resource. Username and password are not correct. " (either as manager or as the user involved).
What's going on ? Ownership has two facets in Zope:
* the "Owner" local role It controls the special permissions granted to the objects "owners" (their can be more than one). You use "AccessControl.Role.RoleManager.manage_setLocalRoles" * the ownership, describing the user that created the object This is a Trojan horse protection. It is relevant only for executable objects. The effective roles when executing the object is the intersection between the current users roles and the roles of the object's owner (as given by the "ownership"). Thus, a low priviledged user cannot create a Trojan horse object that when executed by a high priviledged user does things the low priviledged user could not. You change ownership with "AccessControl.Owned.Owned.changeOwnership". Its argument is a user object, not a username. Dieter