Heimo Laukkanen writes:
I have updated to newest exUserFolder, but stumbled to a new problem. I have created user with all the permissions, but I am still unable to edit users unless I give the Manager-role to the user.
Is this a similar problem with acquisition as in:
http://groups.yahoo.com/group/zope/message/75023
I browsed through the code of exUserFolder.py and didn't see if it inherits Acquisition.Implicit - it is though imported.
class exUserFolder(Folder,BasicUserFolder,CopyContainer): Because "Folder" inherits "Acquisition.Implicit", this is a different problem (but one that has occured already earlier --> mailing list archives).
Some methods are not protected by a permission but directly by roles (probably a bug). User management of ZopeĀ“s basic user folder was affected. My "DocFinder" product has been able to detect such methods (it would say "explicit 'Manager'" in the permission column). Unfortunately, it no longer works with the new permission management implemented in "C" -- at least not yet. Not sure, whether it still works for your Zope installation. Maybe, you try it out <http://www.dieter.handshake.de/pyprojects/zope> If it is this problem, then you need to provide a permission declaration for the respective function... Dieter