Dirksen wrote:
> Hi Bill,
>
> All PythonScripts in ZMC 0.8.0b1 look like a direct port from Python Methods, so I
>found
> some bugs due to the incompatibility between these two version of scripts.
>
> 1. In 'passwordForm', 'import string' should be added.\
for those watching, it is actually genPasswordForm :)
> 2. In 'passwordPolicy', 'self' should be ommited in the parameters list.
yup
> 3. 'register', I think, should be proxy to 'Manager', like the original version.
done
> There's another bug: anonymous user can access account's manageMe method! Say if
>there's
> an account 'dummy', anyone can open 'www.dumy.com/test/acl_users/dummy/manageMe'. I
>think
> the permission to view 'manageMe' should be hooked up to that of viewing management
> screen. I see that you have made some special arrangements in the 'Define
>Permission' tab
> of 'Portal Member' ZClass definition, but that doesn't seem to protect its instance,
> which is a puzzle to me: what's the use to define permissions in ZClass definition or
> products?
Even better, changing the permissions on the method in the ZClass don't seem to
propogate to existing entries,
but do to new ones ...ohh, wait, damned browser caching ...
Ugh, must get some sleep.
Bill
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
