[Zope-dev] Membership and Local Roles
Michael Bernstein
mbernstein@profitscape.com
Tue, 19 Sep 2000 12:45:37 -0500
Michael Bernstein wrote:
>
> I figured out how to get this to work (finally).
>
> In the acl_users LM, add the following two Python methods:
Well, I discovered another problem:
For some reason, when I create a PortalMembership member, add the two
Python methods as I described earlier, and use the local roles screen to
give them a role, they are subsequently authenticated regardless of
whether their password is correct.
Here's an example illustrating the bug:
- Create a new folder /hello
- Add a PortalMembership System
- Add the user_names and getUsernames Python Methods
- Use the joinForm to add a new member 'testuser'
- Create a subfolder /hello/hello2
- Go to the hello2 local roles screen, and add a manager local
role for testuser
- Exit your browser, and restart it.
- Go to /hello/hello2/manage
- You are presented with the PortalMembership loginForm
- login as testuser, but leave the password field blank
- You will be authenticated anyway, and see the management
interface
Note that logging in using a non-existent username does not work, the
only problem seems to be that it ignores the password.
Any ideas?
Michael Bernstein.