On 2/11/06, Michael Shulman <[EMAIL PROTECTED]> wrote: > Is there a way in Zope to restrict permissions for direct access only > (i.e. calling an object through the web) but still allow indirect > access (i.e. executing an object that was called by another object > that was called through the web)?
Yes. If that "other object" is disk-based python, it is most likely able to do it already. If it is a python-script, you can set it up to have a proxy role. That way your auxiliary scripts can all require manager roles, and you can give the scripts that need to call them the Manager proxy-role > Feel free to tell me that I am misunderstanding the way security > works, or is supposed to work, in Zope, or that if this is something I > need to do I am designing my site incorrectly from the point of view > of Zope security (and if so, what is the correct way to design it?). No you seem to have got it. Although the next time you do something that complex you might want to look into making a disk-based prodct instead. It's often easier for complex features. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )