Ok. Thanx. But why is it like this? I imagine that deleting an object in a folder where I do not have permission to delete every object, or the folder itself, is a quite common task. Using the manage_delObjects and a proxy really feels like I'm fighting the zope security instead of getting support by it. Or am I thinking wrong in the first place? What I really want to do is letting users answer a question object and the answers should be stored somewhere. A user must later be able to change or remove his answer, but of course not the answers of any other user. I place all answers objects belonging to a certain question in one folder, and I have the previously mentioned situation. I know it is not that much of a problem to use a proxy, but if I can change my design in some way so can avoid the proxy I imagine that would be better. /Erik On 4/18/06, Andreas Jung <lists@zopyx.com> wrote:
--On 18. April 2006 14:15:48 +0200 Erik Billing <erik@ekhagen.org> wrote:
I want to create a python script that deletes a specific file from a folder. For now, the user who is calling the script does not have the Delete objects permission on the folder, only the file which he should be able to delete. I have previously used the delObjects method on the folder to remove the file, but this requires the Delete obejcts permission on the folder itself.
folder.manage_delObjects() is the only API method you should use. If your script needs additional permissions you must give the script the proxy role Manager.
-aj
-- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: info@zopyx.com - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope & Plone development, Consulting