[Zope-PTK] Adding LoginManager at the root

[Dan L. Pierson]

Tres Seaver writes:
 > Kevin Dangoor wrote:
 > > 
 > > I'd like to replace my main acl_users folder with a LoginManager.
 > > Logged in as the superuser, I'm able to delete the acl_users folder
 > > and then add an acl_users LoginManager. However, I'm not able to add
 > > a UserSource or SheetProvider, because "Objects cannot be owned by
 > > the superuser".
 
Aha!  This was the clue I needed.  I just wasted 2 days trying to
install a LoginManager as a user with Manager role instead of as
superuser (on Zope 2.1.6).  Am I the only one who does all site
building as a Manager?  I thought that was the way it was supposed to
be done (yes, I use sudo in Linux instead of logging in as root too).

While I learned a lot about LoginManager in the process, I'm now
pretty convinced that it is impossible to install as Manager.  The
visible symptom is that you are immediately presented with a default
login form with a bogus action url.  Details:

- loginForm is called from the end of LoginManager.validate EVEN IF
you unchecked the box to create the default loginForm.  I don't
understand this because hasattr(self, 'loginForm') should return false 
if that box isn't checked.

- Given a test folder at
http://xxx.yyy.zzz/login_manager_tester/ltester, SCRIPT_NAME is '' and 
PATH_INFO is //login_manager_tester/ltester.  This makes the form's
action '//login_manager_tester/ltester'.  All of this happens exactly
the same whether or not the default login form was enabled.  All of
this also happens exactly the same whether I try to access the folder
logged in as a Manager or not logged in.

Now, obviously something else is bogus because validate shouldn't have 
gotten all the way down to the last gasp case anyway.  All I guess at
this point is that it's something to do with superuser vs. Manager
role permissions.  Any clue as to what?