Commit ee25fe25 authored by Evan Simpson's avatar Evan Simpson

Modified _doChangeUser to leave password unchanged if the 'password' parameter...

Modified _doChangeUser to leave password unchanged if the 'password' parameter is None.  _changeUser now always accepts "password == confirm == None", and sets 'password' to None if "password == 'password' and confirm == 'confirm'".

This gives Users an unambiguous protocol for both DTML and Python code to change roles/domains without touching the password.  editUser.dtml has a somewhat magical protocol, which users need not worry about.
parent d5ec95af
......@@ -84,7 +84,7 @@
##############################################################################
"""Access control package"""
__version__='$Revision: 1.100 $'[11:-2]
__version__='$Revision: 1.101 $'[11:-2]
import Globals, App.Undo, socket, regex
from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
......@@ -531,12 +531,15 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
def _changeUser(self,name,password,confirm,roles,domains,REQUEST=None):
if password == 'password' and confirm == 'confirm':
# Protocol for editUser.dtml to indicate unchanged password
password = confirm = None
if not name:
return MessageDialog(
title ='Illegal value',
message='A username must be specified',
action ='manage_main')
if not password or not confirm:
if password == confirm == '':
if not domains:
return MessageDialog(
title ='Illegal value',
......@@ -680,6 +683,7 @@ class UserFolder(BasicUserFolder):
def _doChangeUser(self, name, password, roles, domains):
user=self.data[name]
if password is not None:
user.__=password
user.roles=roles
user.domains=domains
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment