Sounds like you should use a proxy role for the methods in question.

Kevin

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Andrew Athan
Sent: Thursday, December 26, 2002 6:47 PM
To: zope@zope.org
Subject: [Zope] Idiom for accessing restricted capabilities

Say you have a site which must perform certain restricted activities, but those activities should be invokable by anonymous users IF AND ONLY IF the users initiate them from an authorized source (e.g., a specific DTML or ZPT script)... what is the recommended way of setting this up?

Example: Site X allows anonymous users to purchase an item. The purchase() method is defined to be accessible only by a specific trusted/authenticated user. The purchase() method should not be invokable by the anonymous user, but if the anonymous user accesses the checkout page template, that page template should be able to invoke purchase().

Now, say I want to invoke purchase() from an ExternalMethod that is called from an anonymous context, what's the preferred way of setting and supplying the appropriate credentials?

I have solved these problems "my way," think the solution is hairy and dirty, and would therefore like to see what people's recommended solutions are.

A.
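To make the proxy-role answer concrete, here is an added, self-contained model of the mechanism (constructed for this thread, not Zope's own AccessControl code): a script carrying proxy roles swaps those roles in for the caller's roles only while the script executes, so an anonymous user can reach purchase() through the checkout script but not directly, and not through a script that carries no proxy roles. The Shop, Script and role names are assumptions for the example.

```python
class Unauthorized(Exception): pass

class SecurityManager:
    """Picks the roles in effect for a permission check: the user's own roles,
    unless a script carrying proxy roles is executing, in which case its proxy
    roles replace them while it runs (a constructed model, not Zope's code)."""
    def __init__(self, user_roles):
        self.user_roles, self.stack = frozenset(user_roles), []  # stack: running scripts
    def effective_roles(self):
        for script in reversed(self.stack):          # innermost script wins
            if script.proxy_roles:
                return frozenset(script.proxy_roles)
        return self.user_roles
    def check(self, required_role):
        if required_role not in self.effective_roles():
            raise Unauthorized(f"role {required_role!r} required")

class Shop:
    """Protected object: purchase() is granted to the 'Purchaser' role only."""
    def __init__(self, sm):
        self.sm, self.orders = sm, []
    def purchase(self, item):
        self.sm.check("Purchaser")
        self.orders.append(item)
        return len(self.orders)

class Script:
    """A through-the-web script; proxy_roles stands in for the ZMI Proxy tab."""
    def __init__(self, sm, body, proxy_roles=()):
        self.sm, self.body, self.proxy_roles = sm, body, tuple(proxy_roles)
    def __call__(self, *args):
        self.sm.stack.append(self)      # proxy roles apply only while it runs
        try:
            return self.body(*args)
        finally:
            self.sm.stack.pop()

def attempt(call, *args):
    try:
        return call(*args)
    except Unauthorized:
        return "denied"

def demo():
    sm = SecurityManager(user_roles=["Anonymous"])
    shop = Shop(sm)
    checkout = Script(sm, shop.purchase, proxy_roles=["Purchaser"])
    plain = Script(sm, shop.purchase)   # no proxy roles: no escalation
    return {"direct": attempt(shop.purchase, "widget"),     # denied
            "via_checkout": attempt(checkout, "widget"),    # 1 (order recorded)
            "via_plain": attempt(plain, "widget")}          # denied
```

The least-privilege point is that the checkout script is granted only the one role purchase() needs, and only for its own duration, rather than the anonymous user being given that role.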