[Zope] Re: exUserFolder, non Manager - but with permissions
Andrew Kenneth Milton
akm@theinternet.com.au
Wed, 31 Oct 2001 18:52:01 +1000
+-------[ Heimo Laukkanen ]----------------------
| Andrew Kenneth Milton wrote:
|
| > Folder is based on Acquistion.Implicit.
| >
| > I think the problem is there is no explicit permissions for editing users
| > try this;
| >
| > add 'manage_editUserForm', 'manage_editUser' to the __ac_permissions__
| > under 'Manage users' permission entry like so;
| >
| > ('Manage users', ('manage_users', 'manage_editUserForm', 'manage_editUser')),
|
| Yes. That seemed to do the trick.
|
| Could you give me a clue, what was the problem? Was it that there was no
| permission set for those manage_editUserForm and manage_editUser and
| therefore Zope security mechanism wanted to get Manager authorization?
The security permission model changed a little in 2.4. Anything with manage_
must have a role explicitly allowed, or it requires Manager role.
I've had a few of these crop up in other projects as well. Just matter of
finding them all.
--
Totally Holistic Enterprises Internet| | Andrew Milton
The Internet (Aust) Pty Ltd | |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|