[Zope] Re: Zope digest, Vol 1 #698 - 66 msgs

Tres Seaver tseaver@palladion.com
Thu, 23 Mar 2000 09:23:57 -0600 

Chris Withers <chrisw@nipltd.com>
> Organization: NIP
> To: Zope Mailing List <zope@zope.org>
> Subject: [Zope] Changing Roles
> 
> Hi,
> 
> A simple question, but getting a bit irritating...
> 
> How can I change the roles assigned to a user without knowing their
> password?
> 
> The form to do this has password fields which come up blank, and you can't
> submit the form without filling them in.
> 
> I don't want to know what the user's password is anyway, I just want to
> change the assigned roles...
> ;-)


You'll have to roll your own form, and have it call manage_users on the user
object with the variable 'remote_user_mode__=1'.  For example::

 
<URL:http://server:8080/acl_users/manage_users?name=fred&submit=Edit&remote_user_mode__=1>

suppreses the password display (but it is still there in hidden input field!)

and later writes:
> I was thinking about putting my 'Changing Roles' problem into the collector
> as either a bug or a feature request so I went and had a look.
> 
> It's REALLY hard to try and find out whether anyone else has done this
> before. Not only is there not any real categorization of bugs/featrues
> within Zope (everything seems to be 'General') but neither the search or
> advanced search is documented.
> 
> Most irritating though was that it doesn't look like you can read problems
> unless they're been solved, so although there were a couple of bug titles
> which looked like they could be what I was talking about, they were all
> ***This item is under review*** so I couldn't check.
> 
> By all means flame me if I'm being stupid, but otherwise coudl someone help
> me out?

You aren't being stupid at all.  Here is the low-down on the Collector:

 * New items in the collector are immediately marked "under review" 

 * "Under review" issues can't be viewed until they get marked "in work"
   or some such, allowing submission of security-sensitive bugs without
   publicizing them to "black hats."

 * Most issues sit in the "under review" state far longer than the minimum
   time to triage out the security bugs; this is a lamentable corrollary to
   DC's short-handedness.

Fixing this problem would require adding to the Collector a new state,
"submitted", which then becomes the "show no details to black hats" state, and
sending off nightly emails of "submitted" bugs to the sucker^H^H^H^H^Hteam
member responsible for the Collector.  Moving the bug to "under review" should
then make it visible to outsiders in all its glory.

Tres.
-- 
=========================================================
Tres Seaver         tseaver@palladion.com    713-523-6582
Palladion Software  http://www.palladion.com