[Zope-dev] Membership and Local Roles

Michael Bernstein mbernstein@profitscape.com
Tue, 19 Sep 2000 12:45:37 -0500


Michael Bernstein wrote:
> 
> I figured out how to get this to work (finally).
> 
> In the acl_users LM, add the following two Python methods:

Well, I discovered another problem:

For some reason, when I create a PortalMembership member, add the two
Python methods as I described earlier, and use the local roles screen to
give them a role, they are subsequently authenticated regardless of
whether their password is correct.

Here's an example illustrating the bug:

- Create a new folder /hello
- Add a PortalMembership System
- Add the user_names and getUsernames Python Methods
- Use the joinForm to add a new member 'testuser'
- Create a subfolder /hello/hello2
- Go to the hello2 local roles screen, and add a manager local
  role for testuser
- Exit your browser, and restart it.
- Go to /hello/hello2/manage
- You are presented with the PortalMembership loginForm
- login as testuser, but leave the password field blank
- You will be authenticated anyway, and see the management
  interface

Note that logging in using a non-existent username does not work, the
only problem seems to be that it ignores the password.

Any ideas?

Michael Bernstein.