[Zope-dev] Can't edit CMF/Plone content if the creator is deleted
Florent Guillaume
fg@nuxeo.com
Sat, 12 Oct 2002 18:13:24 +0000 (UTC)
Could you expand on what you mean by "content" ? Is it executable
content (DTML, ZPT, python scripts)?
Also what's the failure mode. Unauthorized? Traceback?
Finally have you tried VerboseSecurity (if that applies)?
Florent
Adrian Hungate <adrian@haqa.co.uk> wrote:
> I don't know if this is a Zope, CMF, Plone or DCWorkflow issue, but I just
> got bitten by what appears to be a bug in someone's security handling.
>
> If you create some content as user A, then delete user A, no one can edit
> the content, or change it's ownership.
>
> I created a site as "manager" and created a bunch of content. Then I created
> the users that would actually be maintaining the content and deleted
> "manager" (It's far too easy to guess at). Suddenly, all updates started
> failing, and continued failing, untill I re-created the "manager" user.
>
> I have set the domain to 127.0.0.1 so the user can not log in, but I would
> really like to know if this is and intended security feature or a bug.
>
> Any input would be appreciated.
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com