Permission problems for objects that have a non-existing owner

published Dec 13, 2010

And show how to change ownership in Plone.

I had problems at a client site using Plone 3.3 and quintagroup.plonecomments 4.1.2. I do not think the problem is in that last package, but that is the spot where strange behaviour surfaced. The client reported that on some pages the comments were visible but the buttons to Remove or Edit them was not visible, not even for a Manager.

The comments and their buttons were shown by the plone.comments viewlet, which is customized by quintagroup.plonecomments. The Remove button was guarded by a permission 'Moderate Discussion'. The page template claimed that as Manager I did not have this permission. A simple Script Python added in the ZMI showed that this was non-sense: I did have that permission:

return context.portal_membership.checkPermission(
    'Moderate Discussion', context)

In the end, what turned out to be the problem was that the object was owned by a user that no longer existed. Somehow that seems to have tricked Plone/Zope into thinking (at least in the template of this viewlet) that no one had the Moderate Discussion permission anymore. Other permissions seemed unaffected; for example you could still view the comments and reply to them.

Giving someone the local role Owner in the ZMI, or changing the Creator in the Ownership tab of the edit form did not have any effect. I had to add 'ownership_form' at the end of the url of the object to give ownership of this item (and its subobjects) to someone else. This fixed it, even when I myself was not the new owner.

So it looks like somewhere some code path was triggered that did not like the fact that the current owner did not exist anymore.

Now, maybe something weird was happening because the plone.comments viewlet was customized in the portal_view_customizations, but this worked without problems on a local older copy of the Data.fs. I still do not understand what the difference is between the live site and my local copy where I could remove comments everywhere just fine, even though the owner was gone there as well. Well, stranger things have happened in this particular Data.fs and I have come up with stranger solutions to tackle them. This one was quite clean. :-)