Forum OpenACS Q&A: User cannot change password

Collapse
1: User cannot change password
Posted by Peter Alberer on 04/30/02 02:05 PM

I found that a user cannot change her password cause she has no admin rights on herself (would have "write" perm).

permission::require_permission -party_id $user_id -object_id $user_id -privilege "admin" returns "f" for the user.

Is this correct ?

In addition to that i do not quite understand why the required permission can be "write" / "admin" depending on the existence of the user_id. This has probably something to do with the distinction between password change carried out by a user or an admin for a user ?

Collapse
2: Response to User cannot change password (response to 1)
Posted by Don Baccus on 04/30/02 02:58 PM
This is a bug, one I've not seen reported before.  I should think "write" perms should be sufficient but haven't looked at the code.  If you want to explore more deeply and report back, that would be nice.  A bug report and patch, perhaps?

If you've got the time and inclination, that is ...

Collapse
3: Response to User cannot change password (response to 1)
Posted by Peter Alberer on 04/30/02 07:10 PM

I looked into the problem a little bit and found out that the current distinction between rights is needed for the admin-changes-user-password functionality.
But it seems as if this functionality has not fully been implemented (especially in the adp part). The whole page logic (for a few pages) does not seem to fit the scenario that one user changes another users password.

I have corrected the situation as far as i could. Now the user can change her password and the admin can change it for her as well. But there are some pages that have to be changed

  • password-update.tcl
  • password-update.adp
  • password-update-2.tcl

I will try to create a patch and upload it to the bug report i filed. (https://openacs.org/sdm/one-baf.tcl?baf_id=1491)

Collapse
4: Response to User cannot change password (response to 1)
Posted by Peter Alberer on 05/06/02 10:55 AM
Very funny, looking at the checkout i did during dotlrn installation i found the problem halfway corrected. In the oacs-4-5 tagged checkout there is a complete different solution using ad_require_permission instead of permission::require_permission.
Collapse
5: Response to User cannot change password (response to 1)
Posted by Don Baccus on 05/06/02 03:32 PM
This is probably because someone submitted a patch to fix this for 4.5, and the dotLRN folks ran into it and fixed it in old sources.

Do you have time to help straighten out which approach is better?

Collapse
6: Response to User cannot change password (response to 1)
Posted by Yonatan Feldman on 05/06/02 04:20 PM
hi don and peter,

i have been the one patching this code, sorry i wasn't aware of this thread
otherwise i would have posted earlier.

the code probably needs a little clean up, i have done some, but nothing
significant.

peter, if you want, lets sync up and figure out what else needs to be done to
make the change password code clean and solid.

Collapse
7: Response to User cannot change password (response to 1)
Posted by Peter Alberer on 05/07/02 10:12 AM
I have been looking at both versions and think that there is not much difference as far as functionality is concerned. Yon´s version looks a little bit cleaner to me. (it does not try to accept the old_password as a parameter, which seems unneccessary to me and makes things more complicated)
Collapse
8: Response to User cannot change password (response to 1)
Posted by Andrei Popov on 05/16/02 01:51 PM
Any place these changes could bepicked up from?  They sure don't seem to be in nightlies...
Collapse
9: Response to User cannot change password (response to 1)
Posted by Yonatan Feldman on 05/16/02 02:48 PM
i fixed yet another bug that was not letting a user change their own
password in certain situations last night. it shoul dbe in the next nightly build
or you can check out from the HEAD.