Hi all,

When I face a situation like Brian describes I am used to using Proxy
roles on the publicly available script to give it permission to do the
restricted actions. Is that a good approach or should I not use this?

One of the difficulties when using Proxy roles is that they do not
propagate to the scripts/methods being called by the script that has the
Proxy roles set.

Regards, Bart

PS. I'm new on the mailing list. My name is Bart Jansen and in my spare
time I manage a couple of Zope2 sites for non-profit student sports
clubs in the Netherlands.

Op 18-12-2010 8:10, Andreas Jung schreef:
> http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks
> 
> (works only from trusted code like browser views or package code - not
> from PythonScripts)
> 
> -aj
> 
> Brian Sullivan wrote:
>> I am looking at a situation (an online self registry process) where I
>> want to allow a user that is not logged in to be able to create a user
>>  and do a number of other functions normally reserved for and
>> restricted to logged in users with a fairly elevated rights. I need to
>> perform these functions from a Python script.
> 
>> What is the best strategy for doing this? I am thinking that creating
>> a separate python script that has elevated rights and allowing
>> Anonymous access to it and calling it from a script that does not have
>> elevated rights is the best strategy to manage it. Am I creating a
>> huge security hole by doing this?
>> _______________________________________________
>> Zope maillist  -  Zope@zope.org
>> https://mail.zope.org/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists - 
>>  https://mail.zope.org/mailman/listinfo/zope-announce
>>  https://mail.zope.org/mailman/listinfo/zope-dev )
> 
> 

_______________________________________________
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to