Ticket #20263 (new Bug)
Opened 14 months ago
Going to "/edit" adds current user as owner of the object
Reported by: | frapell | Owned by: | davisagli |
---|---|---|---|
Priority: | major | Milestone: | 5.0 |
Component: | Dexterity | Version: | |
Keywords: | creators, user, edit | Cc: |
Description
I have found this bug by using plone.app.contenttypes in a Plone 4 instance, and was able to reproduce it in a fresh Plone 5 from master
All you need is either a Plone 4 with plone.app.contenttypes, or use latest buildout.coredev
Steps to reproduce:
- Create 2 users in your site, 'usera' and 'userb'
- Login using 'usera'
- Create a test page
- Go to /portal_catalog/manage_catalogView
- Click on the content you just created to see its indexed data
- You should see just 'usera' listed in the creators
- Now, logout and login again using 'userb'
- Go to the same content you created with 'usera' and click "Edit". There is no need to save or cancel, just going to /edit is enough.
NOTE: You can already see the 'userb' being listed in the ownership tab
- Go back to /portal_catalog/manage_catalogView
- Find the test object and click the checkbox to the left and click the "Update" button
- Click the object to see its indexed data again, and you will see that now 'userb' gets listed along with 'usera'
I did some research and couldn't find yet what is causing this, but I'm pretty sure it has something to do with Dexterity, since it doesn't happen in a Plone 4 if p.a.contenttypes is not installed. I will update the ticket as soon as I have more details...
Note: See
TracTickets for help on using
tickets.