Maybe you could go and read my HowTo. http://www.zope.org/Members/hramos/howtos/manage_users Hugo At 16:11 25-09-2001 +0200, you wrote:
Hi!
I'm exploring Zope for only 2 weeks, so I'm quite a Newbie. I worked myself through "The Zope Book" (till they started with Python, I'm keeping that for later) and right now I'm reading the german "Zope" book by beehive. And I get stuck.
What I want to do: I want users to be able to change their passwords, but only their own one. So they have to enter their username and password to get to a page with a form where they can enter the new password, if the given password for the username was correct.
How: I try to check this (as described in the book) with: <dtml-if expr="acl_users.getUser(REQUEST.form['Name']).authenticate(REQUEST.form['Passwort'],REQUEST)">
Problem: When I'm submit my form (with 'Name' and 'Passwort') I mysteriously get the Zope login popup (although I'm logged in as manager). And even if I enter my Password I get the PopUp again and again. After the third time I get eventually an error saying:
Unauthorized: authenticate
in the last line. If I view without the "manage" I don't get a Popup but:
Error Type: TypeError Error Value: unhashable type
rightaway.
Excluded problem sources:
The variables are there. Spelling is correct. I can do all the other things (getUser, getRoles, etc.) without problems, only the "authenticate" is incooperative. I checked all security and permission tabs, but didn't find anything unnormal. It doesn't matter whether I try to check the Username I am logged in as, or a different one.
So, did anyone have similar problems. Has "authenticate()" a special position, needs more permissions than the others? I just don't see why e.g. "getUser()" should be more restricte than "authenticate()".
Or am I standing on the Schlauch here ;-) / not getting the point?
TIA, have a nice day/morning/night, Toh!