Your question addresses a fundamental lack in Zope. Zope was developed internally in a closed source fasion for years to address the needs of paying customers. These customers typically did not design applications themselves, we did all of that. Therefore, much of Zope's API is fairly oriented toward specific directions and there are big gaping holes. Don't let that discourage, you, there are big gaping holes in all software. We are working on a project right now to come up with a solid undertanding of interfaces in Zope. While this may seem like a simple task, it is not, but we are working on it and we are making progress. Here, you have come upon a hole, there is a method that lets you do a number of things in one call but there are no decomposed methods that let you do finer grained tasks. This kind of situation is common, not just in Zope, but in lots of software where extensability is very important. Unfortunatly, this is a gnarly problem. For example, if we decompose manage_users() into a number of smaller methods, it would make sense for us to re-implement manage_users() to use those methods. But this involves not only writing a bunch of new methods but also taking solid proven code and discarding it for new code, based on even _newer_ code. This problem becomes almost nauseatingly dificult when you consider that we could turn this process to all objects in Zope, Folders, ObjectManagers, ZCatalogs... And while it may seem clear there should be so and so methods to decompose to, we need to make sure we think hard about issues like, should they be callable via XML-RPC? Will this new method reveal a security exploit? etc... I don't want to take the wind out of your sails, perhaps you could suggest some improvments, all the code is there. For now we are taking small steps, document what is there, propose a framework for sensible extension, and then fill in some of the gaps, and tear down some of the cruft. I will make a note of your question for when we get to security. -Michel
Hi,
A simple question, but getting a bit irritating...
How can I change the roles assigned to a user without knowing their password?
The form to do this has password fields which come up blank, and you can't submit the form without filling them in.
I don't want to know what the user's password is anyway, I just want to change the assigned roles... ;-)
HSCH,
Chris
PS: Zope 2.1.4 and 2.1.6...
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )