-#sub post_new_object_callback {
-# my( $cgi, $access_user ) = @_;
-#
-# if ( length($cgi->param('_password')) ) {
-# my $password = scalar($cgi->param('_password'));
-# my $error = $access_user->is_password_allowed($password);
-# #XXX and then bubble the error back up to the UI
-# }
-#}
+sub post_new_object_callback {
+ my( $cgi, $access_user ) = @_;
+
+ return '' unless length($cgi->param('_password'));
+
+ my $password = scalar($cgi->param('_password'));
+ my $error = $access_user->is_password_allowed($password);
+ return $error if $error;
+
+ $access_user->change_password_fields($password);
+ '';
+}