Dieter Maurer wrote:
My question stemmed from the fact that (for reasons I cannot not duplicate), I was repeatedly getting Unauthorized exceptions using the manage_delObjects() function. Thus, I moved the functionality into an External Method, intending to avoid the restrictions.Nikko Wolf wrote at 2005-10-14 15:37 -0600:I'm trying to allow users to delete objects that have been accidentally created. I have criteria for what that means, but since I *DO NOT* want them to delete object except by this method, I want to avoid granting "Delete objects" to them (non-Managers).Can this even be done? At the base level, "Delete objects" is a hard-coded requirement of the ObjectManager.manage_delObjects() function.Usually, an "External Method" is not restricted by Zope's security. Unless "manage_delObjects" does not perform an additional internal check (I think, it does not), your "External Method" can use it to delete objects.
But even there, throughout changes too numerous to remember now, the Unauthorized problem persisted. Then, after snooping around I found code in zope/lib/python/OFS/ObjectManager.py that set __ac_permissions__ with an entry:
('Delete objects', ('manage_delObjects',))
... hence my thought was that the ObjectManager class had the requirement builtin at the source code level. Even trying new security context (created from within the External Method) did not work.
After many hours of effort and debugging, I find that it works in a "Script (Python)" with precisely the same code that I (thought I) used originally. Obviously, something is different, but unless it was a subtle typo that compiled correctly and worked (but not as desired) I cannot fathom what has changed.
Indeed, I know that well. I *had* tried a multitude of variations before sending; and I'd originally included details in the first posting, but deleted it before I sent it since the question seemed to stand on its own.BTW: Often, it is more faster simply to try something than to post a question to the mailing list and wait for the answer. Your question above is such a case ...
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )