[Zope-CMF] Allow Manager to edit properties of other users
Kevin Carlson
khcarlso@bellsouth.net
Mon, 2 Dec 2002 09:55:53 -0500
Tom,
I've often thought that myself but I think the line of reasoning is with
private methods you cannot make a permissions "mistake" that might cause
repercussions with a critical method such as this setMemberProperties. If
you make the method private and thus restrict access to the method to anyone
with file system access, you're fairly safe.
Not saying I totally agree, but I understand the logic behind it. That
said, you can always alter the source and restart Zope to allow protected
access to the method.
Kevin
-----Original Message-----
From: Tom Cameron [mailto:tomcameron@optusnet.com.au]
Sent: Monday, December 02, 2002 3:15 AM
To: Kevin Carlson
Cc: zope-cmf@zope.org
Subject: RE: [Zope-CMF] Allow Manager to edit properties of other users
Kevin Carlson wrote on Monday, 2 December 2002 9:01 AM:
=> You'll have to do this in an external method. Also, you might
=> want to take
=> advantage of the _changeUser method in acl_users in that
=> external method's
=> code. I am doing both of these and it works fine. Here is the
=> script I am
=> using:
=>
=> -------------------------------------------
=> from Products.CMFCore import utils
=> from AccessControl import User
=>
=> def edituserhandler(ns, username, request) :
=> pm = utils.getToolByName(ns, 'portal_membership')
=> member = pm.getMemberById(username)
=> member.setMemberProperties(request)
=> password = request.get('password')
=> confirm = request.get('confirm')
=> roles = request.get('role')
=> domains = request.get('domains')
=> md = ns.acl_users._changeUser(username, password, confirm, roles,
=> domains, request)
=> return md
=>
Kevin,
Thanks for this, just want I wanted, I assume 'ns' is the portal object.
It does seem a little weird to me that this method is private, I reckon it
should be
declareProtected('Manage users','setMemberProperties')
so that anybody with the proper manger rights could use it. I wonder if that
should be a suggestion?
Tom