[Zope] Question about security

Phil Harris phil.harris@zope.co.uk
Wed, 22 Nov 2000 10:01:55 -0000


You need to use the same method as you would to create a user, manage_users.

If you look at the Zope Quick Reference you will see that it can take a
parameter called submit which can be 'Add...', 'Add', 'Edit' or 'Change'.

If you use the 'Change' variant you can change the password as you require.

Take a look in <zopedir>/lib/python/AccessControl/User.py and then take a
look at the manage_users method in the BasicUserFolder class.

hth

Phil
phil.harris@zope.co.uk

----- Original Message -----
From: "Harris Peter" <PHarris@jimbeam.co.uk>
To: <zope@zope.org>
Sent: Wednesday, November 22, 2000 9:25 AM
Subject: Re: [Zope] Question about security


> Dieter wrote:
>
> >Joaldo Junior writes:
>  >> Does anyone can inform if is there any kind of function,
>  >> which a common user can change your password by the same way a
>  >> superuser can do in ACL_User?
> >Look at the built-in Zope API reference: User object.
> >The User object has methods to read and change the information
> >associated with a user.
>
> >These methods are (of course) protected such that only
> >users with high privileges can execute them.
> >You will need to set a proxy role for the DTML object
> >that calls them, in order to allow less privileged users
> >to call them.
>
> >Dieter
>
> I'm sorry, I must be missing something.
>
> The API reference I have doesn't contain any such thing. Neither does the
> Zope book, before anyone else suggests that. The DTML on zope.org uses
> a method that isn't recognised by the standard User Folder, so no help
> there.
>
> If ANYONE has EVER successfully implemented a way for users to
> change their own passwords using standard 2.2 Zope then *please* -
> post your source code here or put a HOWTO on zope.org!
>
> It's a basic requirement of any system that uses passwords, but if it
> can't be done just admit it. After all, zope is still *quite* good
> without it. ;-)
>
> Peter Harris
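
An added sketch of the approach described in the reply above (not code from this thread or from Zope itself): a self-service wrapper that calls `manage_users` with `submit='Change'` while taking the user name, roles and domains from the stored account rather than from the submitted form. Assumptions: that `manage_users` reads the fields `name`, `password`, `confirm`, `roles` and `domains` from `REQUEST`; the helper `change_own_password` and the two stub classes are hypothetical stand-ins so the example runs without Zope.

```python
class StubUser:
    """Constructed stand-in for a Zope User object."""
    def __init__(self, name, password, roles, domains=()):
        self.name, self.password = name, password
        self.roles, self.domains = tuple(roles), tuple(domains)
    def getUserName(self): return self.name
    def getRoles(self): return self.roles
    def getDomains(self): return self.domains

class StubUserFolder:
    """Constructed stand-in for BasicUserFolder; only 'Change' is modelled."""
    def __init__(self, users):
        self.users = {u.getUserName(): u for u in users}
    def getUser(self, name): return self.users.get(name)
    def manage_users(self, submit=None, REQUEST=None, RESPONSE=None):
        if submit != 'Change':
            raise ValueError('stub only models Change')
        if REQUEST['password'] != REQUEST['confirm']:
            raise ValueError('password and confirmation do not match')
        user = self.users[REQUEST['name']]
        user.password = REQUEST['password']
        user.roles = tuple(REQUEST['roles'])
        user.domains = tuple(REQUEST['domains'])

def change_own_password(user_folder, auth_user, form):
    """Hypothetical helper; `form` is untrusted client input."""
    stored = user_folder.getUser(auth_user.getUserName())
    if stored is None:
        raise ValueError('account is not defined in this user folder')
    if not form.get('password'):
        raise ValueError('empty password')
    # Accept only the two password fields from the client. name, roles and
    # domains are copied from the stored account, so a crafted form cannot
    # target another user or grant the caller extra roles.
    fields = {
        'name': stored.getUserName(),
        'password': form['password'],
        'confirm': form.get('confirm'),
        'roles': list(stored.getRoles()),
        'domains': list(stored.getDomains()),
    }
    user_folder.manage_users(submit='Change', REQUEST=fields)
    return fields
```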