Yeah -- I rediscovered Proxy roles and that seems like the most
straightforward strategy -- not sure if there counter indicators
though that would make that strategy problematic.


On Sat, Dec 18, 2010 at 10:42 AM, Bart Jansen
<bart.jan...@esac.climbing.nl> wrote:
> Hi all,
>
> When I face a situation like Brian describes I am used to using Proxy
> roles on the publicly available script to give it permission to do the
> restricted actions. Is that a good approach or should I not use this?
>
> One of the difficulties when using Proxy roles is that they do not
> propagate to the scripts/methods being called by the script that has the
> Proxy roles set.
>
> Regards, Bart
>
> PS. I'm new on the mailing list. My name is Bart Jansen and in my spare
> time I manage a couple of Zope2 sites for non-profit student sports
> clubs in the Netherlands.
>
> Op 18-12-2010 8:10, Andreas Jung schreef:
>> http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks
>>
>> (works only from trusted code like browser views or package code - not
>> from PythonScripts)
>>
>> -aj
>>
>> Brian Sullivan wrote:
>>> I am looking at a situation (an online self registry process) where I
>>> want to allow a user that is not logged in to be able to create a user
>>>  and do a number of other functions normally reserved for and
>>> restricted to logged in users with a fairly elevated rights. I need to
>>> perform these functions from a Python script.
>>
>>> What is the best strategy for doing this? I am thinking that creating
>>> a separate python script that has elevated rights and allowing
>>> Anonymous access to it and calling it from a script that does not have
>>> elevated rights is the best strategy to manage it. Am I creating a
>>> huge security hole by doing this?
>>> _______________________________________________
>>> Zope maillist  -  z...@zope.org
>>> https://mail.zope.org/mailman/listinfo/zope
>>> **   No cross posts or HTML encoding!  **
>>> (Related lists -
>>>  https://mail.zope.org/mailman/listinfo/zope-announce
>>>  https://mail.zope.org/mailman/listinfo/zope-dev )
>>
>>
>
> _______________________________________________
> Zope maillist  -  z...@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  https://mail.zope.org/mailman/listinfo/zope-announce
>  https://mail.zope.org/mailman/listinfo/zope-dev )
>
>
_______________________________________________
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to