I'm trying to allow users to delete objects that have been accidentally created. I have criteria for what that means, but since I *DO NOT* want them to delete object except by this method, I want to avoid granting "Delete objects" to them (non-Managers).

Can this even be done? At the base level, "Delete objects" is a hard-coded requirement of the ObjectManager.manage_delObjects() function.

One solution that I considered is to create a new role with the privilege, then within my ExternalMethod:
 - grant the role to the user for the folder,
 - delete the object,
 - remove the role for that user for the folder

But this seems overly tedious, and a problem if the script terminates before removing the role. Similarly, it could use the Manager role in the same scenario, but this seems dangerous.

Any insights appreciated,

PS: This seems on-topic, but using the code shown did not seem to have any effect:

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to