On 24 Jan 2002, Leonardo Rochael Almeida wrote: > When you give a method one or more proxy roles, the user that can > view/call it assumes these roles instead of his own. That means he has > the permissions these proxy roles have, instead of the permissions his > own roles would give him (which means proxy-roles can enhance as well as > reduce permissions). This means proxy roles only work for that method > that is being viewed/called (and other methods called from it as well),
Actually, I believe this is not true. My understanding is that the proxy is only good for the method it is on. If it calls another DTML method, that sub-DTML method runs with the original user's roles. I believe the same is true for called pythonscripts. Actually, writing that down calls forth a question. If you put a proxy role on a method to *reduce* priviledges, shouldn't the reduction apply to called methods even if an increase in permissions doesn't apply to called methods? Does it? --RDM _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )