Yeah -- I rediscovered Proxy roles and that seems like the most straightforward strategy -- not sure if there counter indicators though that would make that strategy problematic.
On Sat, Dec 18, 2010 at 10:42 AM, Bart Jansen <bart.jan...@esac.climbing.nl> wrote: > Hi all, > > When I face a situation like Brian describes I am used to using Proxy > roles on the publicly available script to give it permission to do the > restricted actions. Is that a good approach or should I not use this? > > One of the difficulties when using Proxy roles is that they do not > propagate to the scripts/methods being called by the script that has the > Proxy roles set. > > Regards, Bart > > PS. I'm new on the mailing list. My name is Bart Jansen and in my spare > time I manage a couple of Zope2 sites for non-profit student sports > clubs in the Netherlands. > > Op 18-12-2010 8:10, Andreas Jung schreef: >> http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks >> >> (works only from trusted code like browser views or package code - not >> from PythonScripts) >> >> -aj >> >> Brian Sullivan wrote: >>> I am looking at a situation (an online self registry process) where I >>> want to allow a user that is not logged in to be able to create a user >>> and do a number of other functions normally reserved for and >>> restricted to logged in users with a fairly elevated rights. I need to >>> perform these functions from a Python script. >> >>> What is the best strategy for doing this? I am thinking that creating >>> a separate python script that has elevated rights and allowing >>> Anonymous access to it and calling it from a script that does not have >>> elevated rights is the best strategy to manage it. Am I creating a >>> huge security hole by doing this? >>> _______________________________________________ >>> Zope maillist - z...@zope.org >>> https://mail.zope.org/mailman/listinfo/zope >>> ** No cross posts or HTML encoding! ** >>> (Related lists - >>> https://mail.zope.org/mailman/listinfo/zope-announce >>> https://mail.zope.org/mailman/listinfo/zope-dev ) >> >> > > _______________________________________________ > Zope maillist - z...@zope.org > https://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope-dev ) > > _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )