Erik Billing escribió:
Ok. Thanx. But why is it like this? I imagine that deleting an object in
a folder where I do not have permission to delete every object, or the
folder itself, is a quite common task. Using the manage_delObjects and a
proxy really feels like I'm fighting the zope security instead of
getting support by it.
Proxy roles are provided/supported by zope security machinery, where's
the fight?
Or am I thinking wrong in the first place? What I really want to do is
letting users answer a question object and the answers should be stored
somewhere. A user must later be able to change or remove his answer, but
of course not the answers of any other user. I place all answers objects
belonging to a certain question in one folder, and I have the previously
mentioned situation.
The only problem with proxy role (AFAICS) is users being able to delete
answers from other users. In your current design the script with proxy
role could (should) check if the current user is allowed to delete an
answer (looking at some attribute). I don't see a big problem.
I know it is not that much of a problem to use a proxy, but if I can
change my design in some way so can avoid the proxy I imagine that would
be better.
Well, store all answers from a user in the same folder.
Sl.
_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
