Chris Withers wrote:

Nikko Wolf wrote:

I'm trying to allow users to delete objects that have been accidentally created. I have criteria for what that means, but since I *DO NOT* want them to delete object except by this method, I want to avoid granting "Delete objects" to them (non-Managers).

Have the "delete process" done in a python script or external method.
Only give "view" permission to that method to people who you want to be able to delete objects.

If it's a python script, give it a Proxy role that has the "Delete objects" permission mapped, and you'll be fine :-)

That was my expectation too, but alas -- it does not work for me. Have you specifically tried this?

==== Set up:
- Plone Site with "Delete objects" permission granted only to Manager (not inheriting privs) - (Plone) Folder "abc" with an object "xyz" under the Plone Site (inheriting privs) - The following "Script (Python)" named "nuke" and with "Manager" proxy role.
 - Non Manager user
 - Load URL:  {plone-root}/abc/xyz/nuke

==== Browser shows: Insufficient Privileges

You do not have sufficient privileges to view this page. If you believe you are receiving this message in error, please send an e-mail to"

==== The events.log shows:
2005-10-17T16:16:34 ERROR(200) SiteError http://localhost:8080/PloneRoot/abc/xyz/nuke
Traceback (most recent call last):
File "/usr/local/zope/lib/python/ZPublisher/", line 101, in publish
   request, bind=1)
 File "/usr/local/zope/lib/python/ZPublisher/", line 88, in mapply
   if debug is not None: return debug(object,args,context)
File "/usr/local/zope/lib/python/ZPublisher/", line 39, in call_object
   result=apply(object,args) # Type s<cr> to step into published object.
File "/usr/local/zope/lib/python/Shared/DC/Scripts/", line 306, in __call__
   return self._bindAndExec(args, kw, None)
File "/usr/local/zope/lib/python/Shared/DC/Scripts/", line 343, in _bindAndExec
   return self._exec(bound_data, args, kw)
File "/usr/local/zope/lib/python/Products/PythonScripts/", line 324, in _exec
   result = f(*args, **kw)
 File "Script (Python)", line 16, in mlt
File "/usr/local/zinstance/Products/CMFPlone/", line 306, in manage_delObjects
   raise Unauthorized, (
Unauthorized: Do not have permissions to remove this object

==== The script is:
## Script (Python) "nuke"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##title=My Test Script
from Products.PythonScripts.standard import html_quote

objid  = context.getId()
folder = context.aq_inner.aq_parent
mylog  = folder.plone_log


# So, now we delete it...
member = context.portal_membership.getAuthenticatedMember()
mylog( "%s deletes (%s) from (%s)" %\
     (, context.absolute_url(), folder.absolute_url()))

resp = folder.manage_delObjects( [objid] )

mylog( "folder.{%s}.manage_delObjects(['%s'] = {%s}\nCTX=%s" %
      (folder.absolute_url(), objid,
      folder.dumpIt( resp ), folder.absolute_url()))
mylog( "Remaining: " + str(folder.objectIds()) )

# Set 'text' for the portal_status_message
text = "No exceptions deleting '%s'" % objid
if objid in folder.objectIds():
   text += " / ID is still there"
   text += " / ID is gone"
if context in folder.objectValues():
   text += " / OBJECT is still there"
   text += " / OBJECT is gone"

context.REQUEST.RESPONSE.redirect( folder.absolute_url() +
                                  '?portal_status_message=' +

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to