[Zope-CMF] Re: [dev] createMemberarea: small proposal
Tres Seaver
tseaver@zope.com
26 May 2003 10:47:37 -0400
On Mon, 2003-05-26 at 08:16, Yuppie wrote:
> Hi!
>
>
> Gitte Wange wrote:
> >>Does anybody know why createMemberarea doesn't make use of invokeFactory()
> >>?
> >
> >
> > My guess is that is because members are not logged_in when the
> > createMemberArea function is called (if member areas are created when
> > joining)
>
> Good guess! I'm not sure if Memberareas should be created for members
> that are not logged in (see below), but even if they are logged in they
> might not have the necessary permissions.
>
> If we make createMemberarea scriptable, that script could get a proxy
> role and invokeFactory() should work.
>
> > But I think the initiative to make the member areas dynamically changeable is
> > a great thing! I really miss that functionality (at the moment I'm
> > subclassing the membership tool a lot of times).
I want to make the "skeleton" content cloned from a folder inside the
tool, which should require very little effort (we have a version of this
for a client project, which would need to be disentangled a bit).
> There is one problem with createMemberarea() that should be resolved
> before making it scriptable:
>
> Right now any user can trigger createMemberarea() via wrapUser(). This
> is a potential security problem, because if createMemberarea() is
> triggered by another user, Ownership and Owner role of the created
> content objects are wrong. From the method, we can call LocalRoles
> methods and changeOwnership() to fix that. But changeOwnership() is
> private, so we can't call it from a script.
>
> I think the best solution would be to call createMemberarea() from the
> logged_in page. But I'm afraid this would be too big a change.
Shouldn't be a problem; you might leave a way for a manager to force
creation of the member area (e.g., so that they can script modification
to its "skeleton" content :)
> So I propose this:
>
> createMemberarea() and / or wrapUser() should check if member_id is the
> id of the authenticated user. If not, don't add a member area.
'wrapUser' shouldn't be creating the member area at all, ideally. I
like the idea of calling 'createMemberArea' from the logged_in page, and
leaving it possible for managers to call it from scripts.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
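The ownership problem and the proposed check, as an added illustration that is not code from the thread or from CMF: the `User`, `Folder` and `MembershipTool` classes below are plain-Python stand-ins constructed for this example, not the Zope or CMF objects of the same names. `create_memberarea_unchecked` models the current behaviour (any caller can trigger creation for any member id, and the new folder is owned by whoever triggered it); `create_memberarea_checked` models Yuppie's proposal plus Tres's exception for managers, with ownership and the Owner local role assigned to the member rather than to the caller.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    """Stand-in for an authenticated user (constructed for this example)."""
    id: str
    roles: set = field(default_factory=set)


@dataclass
class Folder:
    """Stand-in for a member folder: Zope-style ownership plus local roles."""
    id: str
    owner: str
    local_roles: dict = field(default_factory=dict)


class MembershipTool:
    """Stand-in for the CMF membership tool (constructed for this example)."""

    def __init__(self):
        self.member_areas = {}

    def create_memberarea_unchecked(self, member_id, acting_user):
        # Current behaviour described in the thread: any caller can trigger
        # creation for any member_id, and the folder ends up owned by the
        # caller, with the Owner local role granted to the caller as well.
        if member_id in self.member_areas:
            return self.member_areas[member_id]
        folder = Folder(id=member_id, owner=acting_user.id,
                        local_roles={acting_user.id: {"Owner"}})
        self.member_areas[member_id] = folder
        return folder

    def create_memberarea_checked(self, member_id, acting_user):
        # Proposed rule: only the authenticated member themself may trigger
        # creation of their own area; a Manager may still force creation
        # (e.g. from a script) for someone else. Anyone else gets nothing.
        if member_id in self.member_areas:
            return self.member_areas[member_id]
        if acting_user.id != member_id and "Manager" not in acting_user.roles:
            return None
        # Ownership and the Owner local role go to the member, not to the
        # caller (the changeOwnership()/local-roles fix mentioned above).
        folder = Folder(id=member_id, owner=member_id,
                        local_roles={member_id: {"Owner"}})
        self.member_areas[member_id] = folder
        return folder


def demo():
    """Return (wrong_owner, refused, self_owner, manager_owner) for the
    scenarios discussed in the thread, using constructed users."""
    tool = MembershipTool()
    alice = User("alice")
    admin = User("admin", {"Manager"})
    wrong = tool.create_memberarea_unchecked("bob", alice).owner   # "alice"
    refused = tool.create_memberarea_checked("carol", alice)       # None
    own = tool.create_memberarea_checked("alice", alice).owner     # "alice"
    forced = tool.create_memberarea_checked("carol", admin).owner  # "carol"
    return wrong, refused, own, forced


if __name__ == "__main__":
    print(demo())
```

The unchecked path shows why wrapUser() creating the area is a problem: alice merely touching bob's member record leaves bob's folder owned by alice. The checked path refuses that case outright and, when a Manager forces creation, still hands ownership to the member the folder is for.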