Workflow problem with SVN version and 'new_private' workflow
from
Jim Nelson
on May 07, 2008 03:00 PM
After getting my remember-based product working, I realized that their data was being exposed to the world. After
adding a workflow to the product se to default to 'new_private', the user profile was hidden, but users could not set
their own passwords.
I got the following error after turning on verbose security:
2008-05-07 13:23:46 ERROR Zope.SiteErrorLog http://aanamembertest.neteasyinc.com/pwreset_form
Traceback (innermost last):
Module ZPublisher.Publish, line 119, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 42, in call_object
Module Products.CMFFormController.FSControllerPageTemplate, line 90, in __call__
Module Products.CMFFormController.BaseControllerPageTemplate, line 28, in _call
Module Products.CMFFormController.ControllerBase, line 231, in getNext
Module Products.CMFFormController.Actions.TraverseTo, line 38, in __call__
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 42, in call_object
Module Products.CMFFormController.FSControllerPythonScript, line 104, in __call__
Module Products.CMFFormController.Script, line 145, in __call__
Module Products.CMFCore.FSPythonScript, line 140, in __call__
Module Shared.DC.Scripts.Bindings, line 313, in __call__
Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec
Module Products.CMFCore.FSPythonScript, line 196, in _exec
Module None, line 6, in pwreset_action
- <FSControllerPythonScript at /test/main/pwreset_action>
- Line 6
Module Products.PasswordResetTool.PasswordResetTool, line 151, in resetPassword
Module Products.remember.content.member, line 325, in setMemberProperties
Module Products.remember.content.member, line 321, in setProperties
Module Products.remember.content.member, line 572, in update
Module Products.remember.Extensions.workflow, line 23, in triggerAutomaticTransitions
Module Products.CMFCore.ActionProviderBase, line 92, in listActionInfos
Module Products.CMFPlone.PloneBaseTool, line 148, in _getExprContext
Module Products.CMFPlone.PloneBaseTool, line 127, in getExprContext
Module Products.CMFPlone.PloneBaseTool, line 79, in createExprContext
Module OFS.Traversable, line 301, in restrictedTraverse
Module OFS.Traversable, line 195, in unrestrictedTraverse
- __traceback_info__: ([], '@@plone_portal_state')
Module AccessControl.ImplPython, line 563, in validate
Module AccessControl.ImplPython, line 461, in validate
Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission. Access to '@@plone_portal_state' of (AANAMember
at /test/main/portal_memberdata/dirk used for /test/main/acl_users) denied. Your user account, Anonymous User, exists at
/acl_users. Access requires one of the following roles: ['Manager', 'Owner']. Your roles in this context are ['Anonymous'].
Playing with one of the users and enabling the 'View' permission for 'Anonymous' allowed that specific user to set their
password, but also made their profile visible.
What do I need to do to make this work?
