Paul Baumgart <[email protected]> writes: >>> Hi Ross, >>> >>> Thanks for your reply. >>> >>> I removed sampleremember completely (it no longer shows up in the > >>> quickinstaller), completely removed the Plone directory, and re-ran >>> quickinstaller. Unfortunately, I still have the same problem. >> >> To further help you, I need to know what happens when you install *just* >> membrane and remember (not sampleremember) into a Plone site into which >> nothing else has *ever* been installed. That's what I meant by fresh. >> > > Oh, sorry about that. I meant to say I re-ran the unified installer. > It is a completely fresh copy of Plone that isn't working in this > latest case. > That is, I removed Plone completely, removed all references to > sampleremember on the system (including a copy I had easy_installed to > see if that would work), and reinstalled Plone. > > Just to make sure, I tried it once again. I: > -removed the Plone directory completely (rm -rf) > -ran the unified installer to set up a Plone standalone instance > -ran Plone it using bin/instance fg > -in the Site Setup, under Security, I enabled Self-Registration > > Without any add-on packages installed, the self-registration form > shows up fine to an Anonymous User. > > Then, I: > -stopped Plone/zope and added just Products.remember and > Products.membrane to the eggs section of my buildout.cfg > -ran bin/buildout && bin/instance fg > -went to the Add-on Products section of the Site Setup and installed > first membrane and then remember. > > As soon as I installed both of these products, the self-registration > form does not show up anymore. If I uninstall just remember from the > Add-on Products section, the self-registration form works (but > obviously the functionality I need from remember wouldn't be there, so > that doesn't solve my problem). > > As a final step, I enabled verbose-security and removed the > Unauthorized entry from the Ignored exception types under the Errors > section of the Site Setup. Then, I re-installed remember from the > Add-on Products section, and went to the self-registration page as an > Anonymous User. > > In my log, I got the following error: > > Traceback (innermost last): > Module ZPublisher.Publish, line 119, in publish > Module ZPublisher.mapply, line 88, in mapply > Module ZPublisher.Publish, line 42, in call_object > Module Products.CMFFormController.FSControllerPythonScript, line > 104, in __call__ > Module Products.CMFFormController.Script, line 145, in __call__ > Module Products.CMFCore.FSPythonScript, line 140, in __call__ > Module Shared.DC.Scripts.Bindings, line 313, in __call__ > Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec > Module Products.CMFCore.FSPythonScript, line 196, in _exec > Module None, line 16, in createMember > - <FSControllerPythonScript at /Plone/createMember> > - Line 16 > Module OFS.Traversable, line 301, in restrictedTraverse > Module OFS.Traversable, line 241, in unrestrictedTraverse > - __traceback_info__: ([], 'member.2009-07-29.9659827191') > Module Products.CMFPlone.FactoryTool, line 152, in __getitem__ > Module OFS.Traversable, line 301, in restrictedTraverse > Module OFS.Traversable, line 236, in unrestrictedTraverse > - __traceback_info__: ([], 'invokeFactory') > Module AccessControl.ImplPython, line 563, in validate > Module AccessControl.ImplPython, line 461, in validate > Module AccessControl.ImplPython, line 808, in raiseVerbose > Unauthorized: Your user account does not have the required permission. > Access to 'invokeFactory' of (TempFolder at > /Plone/portal_memberdata/portal_factory/Member) denied. Your user > account, Anonymous User, exists at /acl_users. Access requires one of > the following roles: ['Contributor', 'Manager', 'Owner']. Your roles > in this context are ['Anonymous']. > > > Which is very similar to the error previously, except without the > SampleRemember reference in the exception. > > Please let me know if I can provide any more info. Thanks for your > patience!
I've reproduced this error locally. Thanks for the great bug report. Here's the culprit: https://dev.plone.org/plone/changeset/25875/Plone The portal_factory tool used to call invokeFactory directly in unrestricted python which meant that the security check that gets performed when the restricted python on Plone's createObject script calls invokeFactory for non-portal_factory types wasn't getting done for portal_factory content. So in Plone 3.2 a fix was introduced to do a security check there. At first glance, the solution would seem to be to control the "Add portal content" permission on portal_memberdata when that checkbox is changed. I've done this in the security tab of the ZMI on my test site here and the registration form does indeed render. I've not, however, thought through the security implications of this in detail yet, so try this at your own risk. Oddly enough, this fix hasn't been ported to Plone 3.3 so the registration form works just fine under 3.3. That could be another workaround. :) The bigger surprise here is that the tests pass under Plone 3.2 and don't reveal this bug. I've been wanting to add some functional testbrowser tests anyways, so I'll be sure to cover anonymous registration when I do that. Thanks for the great bug report! Ross -- Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2009/07/1249079824818 To unsubscribe send an email with subject "unsubscribe" to [email protected]. Please contact [email protected] for questions.
