Right. Thanks.... just the magic needed to solve the problem.
There's a method named "read" on PythonScript objects. It returns the source of the Python Script including the "##" header lines. It's available to users who have a role that includes the "View management screens" permissions. Note also that the constructor for a Python Script (manage_addPythonScript) takes an argument "REQUEST". The constructor looks for the "file" variable in REQUEST for the text to the new script.
So let's say you want to add a parameter to the "new" Python Script. If you create a Python Script with a proxy role of "Manager" that includes the following, any user who runs it will create a new script named 'new_script' with the text of 'old_script' with a new (fixed) parameter added to the parameter list:
old_text = context.old_script.read() new_lines = old_text.split('\n') new_lines = [] for line in lines: if line.startswith('##') and line.find('parameters=') != -1: # this tacks foo=1 on to the parameter list line = '%s,%s' % (line, 'foo=1') new_lines.append(line) new_text = '\n'.join(new_lines) request = context.REQUEST request.set('file', new_text) context.manage_addPythonScript('new_script', REQUEST) # defeat the redirect caused by using manage_addPythonScript request.RESPONSE.setStatus(200) request.RESPONSE.setHeader('Location', '')
Slice and dice as required. ;-)