Nikko Wolf wrote at 2005-10-14 15:37 -0600: >I'm trying to allow users to delete objects that have been accidentally >created. I have criteria for what that means, but since I *DO NOT* want >them to delete object except by this method, I want to avoid granting >"Delete objects" to them (non-Managers). > >Can this even be done? At the base level, "Delete objects" is a >hard-coded requirement of the ObjectManager.manage_delObjects() function.
Usually, an "External Method" is not restricted by Zope's security. Unless "manage_delObjects" does not perform an additional internal check (I think, it does not), your "External Method" can use it to delete objects. BTW: Often, it is more faster simply to try something than to post a question to the mailing list and wait for the answer. Your question above is such a case ... -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )