Context Navigation

← Previous Ticket
Next Ticket →

Ticket #5787 (new Bug)

Opened 5 years ago

Last modified 3 years ago

MemberData.canPasswordSet and MemberData.canDelete should check all available manager

Reported by:	fafhrd	Owned by:
Priority:	minor	Milestone:	3.3.x
Component:	Infrastructure	Keywords:
Cc:

Description

in canDelete and canPasswordSet PlonePAS checks allowPasswordSet against first manager but there whould be situation when second manager can change password or delete user.

Change History

comment:1 Changed 5 years ago by fafhrd

Keywords PlonePAS removed

--- memberdata.py.orig  2006-09-06 17:19:22.000000000 +0600                                                               
+++ memberdata.py       2006-09-06 17:18:46.000000000 +0600                                                               
@@ -231,7 +231,9 @@                                                                                                       
         if managers:                                                                                                     
             for mid, manager in managers:                                                                                
                 if IDeleteCapability.providedBy(manager):                                                                
-                   return manager.allowDeletePrincipal(self.getId())                                                     
+                   result = manager.allowDeletePrincipal(self.getId())                                                   
+                   if result:                                                                                            
+                       return result                                                                                     
         return 0                                                                                                         
                                                                                                                          
                                                                                                                          
@@ -243,7 +245,9 @@                                                                                                       
         if managers:                                                                                                     
             for mid, manager in managers:                                                                                
                 if IPasswordSetCapability.providedBy(manager):                                                           
-                   return manager.allowPasswordSet(self.getId())                                                        
+                   result = manager.allowPasswordSet(self.getId())                                                      
+                   if result:                                                                                            
+                       return result                                                                                     
         return 0                                                                                                         
                                                                                                                          
     def passwordInClear(self):

comment:2 Changed 3 years ago by hannosch

Component changed from Users/Groups to Infrastructure

Note: See TracTickets for help on using tickets.

Download in other formats: