Ok. Thanx. But why is it like this? I imagine that deleting an object in a folder where I do not have permission to delete every object, or the folder itself, is a quite common task. Using the manage_delObjects and a proxy really feels like I'm fighting the zope security instead of getting support by it. 

Or am I thinking wrong in the first place? What I really want to do is letting users answer a question object and the answers should be stored somewhere. A user must later be able to change or remove his answer, but of course not the answers of any other user. I place all answers objects belonging to a certain question in one folder, and I have the previously mentioned situation.

I know it is not that much of a problem to use a proxy, but if I can change my design in some way so can avoid the proxy I imagine that would be better.


On 4/18/06, Andreas Jung <[EMAIL PROTECTED]> wrote:

--On 18. April 2006 14:15:48 +0200 Erik Billing <[EMAIL PROTECTED]> wrote:

> I want to create a python script that deletes a specific file from a
> folder. For now, the user who is calling the script does not have the
> Delete objects permission on the folder, only the file which he should be
> able to delete. I have previously used the delObjects method on the
> folder to remove the file, but this requires the Delete obejcts
> permission on the folder itself.

folder.manage_delObjects()  is the only API method you should use.
If your script needs additional permissions you must give the script
the proxy role Manager.


ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376
E-Publishing, Python, Zope & Plone development, Consulting

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to