[Zope-CMF] [Warning] CMF upgrade made login impossible
Dieter Maurer
dieter@handshake.de
Wed, 9 Jan 2002 13:59:50 +0100
Yesterday, I upgraded to the current CVS version of CMF.
Today, I recognized that I were no longer able to login.
The analysis revealed:
"RegistrationTool.RegistrationTool.setProperties" is called in
"logged_in" in order to set the time of last login.
The method is protected by "SetOwnProperties".
Apparently, the default roles for "SetOwnProperties" have
been "Manager, Member". But after the upgrade, they are now
only "Manager,". Of course, a normal member is now no
longer able to login, because the call to "setProperties"
raises an "Unauthorized" exception that is redirected to
the login form again.
This problem was very nasty to analyse, as the error page was replaced
by the login form :(
Fortunately, the work around was easy. Map "Set own properties" to
"Member" in the security tab.
"SetOwnPassword" and several other registration permissions got
changed their default roles in a similar way. They may exhibit similar
problems.
Dieter