----- Original Message ----- From: "Mark, Jonathan (Integic)" <[EMAIL PROTECTED]>
To: "Andreas Jung" <[EMAIL PROTECTED]>; <zope@zope.org>
Sent: Friday, January 26, 2007 2:06 PM
Subject: RE: [Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

The relevant permission for an external method in 2.10.1 is "Access
contents information."

The problem is that the Zope application which calls my External Method
from a Python Script always runs unauthenticated. I turned off in the
ZMI my External Method's access for unauthenticated users, and left it
on for "Owner." However, now users who call the Python Script which
calls the External Method also get prompted for authentication.

I need unauthenticated users to be able to run the calling Python

I wonder if there is some way for unauthenticated users of a Python
Script to be dynamically assigned a Zope role at the start of the Python
Script and then lose that role at the conclusion of the Python Script.
Is that inherently unsafe even if it is possible?

You can assign a Proxy role to your python script, but this may not solve your problem as anyone who can access the python script will be able to execute the external method that the python script calls.

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to