Ticket #20263 (new Bug)

Opened 14 months ago

Going to "/edit" adds current user as owner of the object

Reported by: frapell Owned by: davisagli
Priority: major Milestone: 5.0
Component: Dexterity Version:
Keywords: creators, user, edit Cc:

Description

I have found this bug by using plone.app.contenttypes in a Plone 4 instance, and was able to reproduce it in a fresh Plone 5 from master

All you need is either a Plone 4 with plone.app.contenttypes, or use latest buildout.coredev

Steps to reproduce:

  1. Create 2 users in your site, 'usera' and 'userb'
  2. Login using 'usera'
  3. Create a test page
  4. Go to /portal_catalog/manage_catalogView
  5. Click on the content you just created to see its indexed data
  6. You should see just 'usera' listed in the creators
  7. Now, logout and login again using 'userb'
  8. Go to the same content you created with 'usera' and click "Edit". There is no need to save or cancel, just going to /edit is enough.

NOTE: You can already see the 'userb' being listed in the ownership tab

  1. Go back to /portal_catalog/manage_catalogView
  2. Find the test object and click the checkbox to the left and click the "Update" button
  3. Click the object to see its indexed data again, and you will see that now 'userb' gets listed along with 'usera'

I did some research and couldn't find yet what is causing this, but I'm pretty sure it has something to do with Dexterity, since it doesn't happen in a Plone 4 if p.a.contenttypes is not installed. I will update the ticket as soon as I have more details...

Note: See TracTickets for help on using tickets.