On 24 Jan 2002, Leonardo Rochael Almeida wrote:
> When you give a method one or more proxy roles, the user that can
> view/call it assumes these roles instead of his own. That means he has
> the permissions these proxy roles have, instead of the permissions his
> own roles would give him (which means proxy-roles can enhance as well as
> reduce permissions). This means proxy roles only work for that method
> that is being viewed/called (and other methods called from it as well),

Actually, I believe this is not true.  My understanding is that
the proxy is only good for the method it is on.  If it calls another
DTML method, that sub-DTML method runs with the original user's
roles.  I believe the same is true for called pythonscripts.

Actually, writing that down calls forth a question.  If you put
a proxy role on a method to *reduce* priviledges, shouldn't the
reduction apply to called methods even if an increase in permissions
doesn't apply to called methods?  Does it?


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to