Ticket #8926 (closed Bug: fixed)
"Form authenticator is invalid" when deleting an object from the full review list; All objects are linked to folder_contents
|Reported by:||deesto||Owned by:|
|Keywords:||Full Review List, Pending state, folder view, Forbidden, Form authenticator is invalid||Cc:||deesto|
I am logged into my Plone site with the Manager role. I change a few objects to the Pending state -- a News item, and Event item, a Page -- and do a few other unrelated things in the site. In the Review List portlet, I see a list of objects in the Pending state, and I click "Full review list ...", which brings me to the "Full review list" page. Selecting one or more objects here -- one Event, and one Page -- and clicking Delete results in the following traceback:
Module ZPublisher.Publish, line 119, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 42, in call_object Module Products.CMFFormController.FSControllerPythonScript, line 104, in __call__ Module Products.CMFFormController.Script, line 145, in __call__ Module Products.CMFCore.FSPythonScript, line 140, in __call__ Module Shared.DC.Scripts.Bindings, line 313, in __call__ Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec Module Products.CMFCore.FSPythonScript, line 196, in _exec Module None, line 19, in folder_delete - <FSControllerPythonScript at /[my-site]/folder_delete> - Line 19 Module <string>, line 3, in _facade Module plone.protect.utils, line 32, in _curried Module plone.protect.authenticator, line 60, in check Forbidden: Form authenticator is invalid.
I don't understand what "Forbidden: Form authenticator is invalid" means in this context, but it doesn't help in debugging the issue.
I then return to the Full Review List, and click one of the listed objects, and I notice a few strange things:
- The content of the object is blank, with the exception of the
original title, name, and description, all of which are retained
- The returned page claims "This folder has no visible items. To add
content, press the add button, or paste content from another location."
- The object's URL is now appended with '/folder_contents'.
There seem to be two problems, and I'm not sure which is the real problem and which is a by-product of the other:
- The Review List seems to assume that every object in the list is a
- Every object in the Review List is being duplicated (incorrectly) as
another object with type:folder.
If one simply clicks one of the objects in the Review portlet, and not on "Full review list...", the error is not encountered, so I suspect a problem in whatever view is driving the Full Review List page.
- Status changed from new to closed
- Resolution set to fixed
- Summary changed from Full Review List assumes Folder view for Pending objects to "Form authenticator is invalid" when deleting an object from the full review list; All objects are linked to folder_contents