[Zope-CMF] [Warning] CMF upgrade made login impossible
Dieter Maurer
dieter@handshake.de
Wed, 9 Jan 2002 21:08:54 +0100
Tres Seaver writes:
> Dieter Maurer wrote:
>
> > Yesterday, I upgraded to the current CVS version of CMF.
> > Today, I recognized that I were no longer able to login.
> >
> > The analysis revealed:
> >
> > "RegistrationTool.RegistrationTool.setProperties" is called in
> > "logged_in" in order to set the time of last login.
> > The method is protected by "SetOwnProperties".
> >
> > Apparently, the default roles for "SetOwnProperties" have
> > been "Manager, Member". But after the upgrade, they are now
> > only "Manager,". Of course, a normal member is now no
> > longer able to login, because the call to "setProperties"
> > raises an "Unauthorized" exception that is redirected to
> > the login form again.
>
>
> Dieter,
>
> The "default roles" for those permissions, registered in
> CMFCore.CMFCorePermissions, can include only standard
> Zope roles, and therefore don't include "Member". The
> code which does this has not changed since CMF 1.0 beta.
>
> http://cvs.zope.org/CMF/CMFCore/CMFCorePermissions.py?annotate=1.10
>
> The portal setup code in CMFDefault.Portal.PortalGenerator
> maps those permissions onto the roles 'Manager' and 'Member',
> and has done so since the initial checkin of the module:
You are right!
My setup code contains the
mp('Set own properties', ['Member','Manager',], 1)
and apparently, they have been effective, because I could use
the portal for several weeks:
I made intensive tests with non-Manager members the day before
yesterday and they worked. I upgraded yesterday but checked
non-Manager members only today. In between are hundreds
of transactions. Not easy to analyse.
I see another strange behaviour, not reproducible by Andrew:
Several actions (of "SyndicationTool", "RegistrationTool" and
"UndoTool") I changed to use German names
revert to the original English names after they are reread from
ZODB.
Maybe, its my installation. I will keep you informed.
Dieter