celio conort wrote:
Hi ! I just made a script called by a form , that create one Object and fill its properties
obj=context.manage_addProduct['MyProduct'].MyObj.createInObjectManager(id, {})
for p in baseFields[0].keys(): obj.propertysheets.propertie1.manage_changeProperties({p : request[baseFields[0][p]]})
the problem is that this script is called by Anonymous users and the object is stored in a temporary folder that i can moderate so in this folder, anonymous can "Add MyObjs" and "Manage Properties" but it's not secure at all !! but if i don't add thoose two permissions i can't create or edit the properties of this object :-(
any solution ?
set the proxy-role of your script to "Manager" [or a similiar role which has the rights to add and edit your objects]. then your script can be run by Anonymous as if Anonymous has the proper rights. cheers, maik