Chris Withers wrote:
Nikko Wolf wrote:
I'm trying to allow users to delete objects that have been accidentally created. I have criteria for what that means, but since I *DO NOT* want them to delete object except by this method, I want to avoid granting "Delete objects" to them (non-Managers).
Have the "delete process" done in a python script or external method. Only give "view" permission to that method to people who you want to be able to delete objects.
If it's a python script, give it a Proxy role that has the "Delete objects" permission mapped, and you'll be fine :-)
That was my expectation too, but alas -- it does not work for me. Have you specifically tried this? ==== Set up: - Plone Site with "Delete objects" permission granted only to Manager (not inheriting privs) - (Plone) Folder "abc" with an object "xyz" under the Plone Site (inheriting privs) - The following "Script (Python)" named "nuke" and with "Manager" proxy role. - Non Manager user - Load URL: {plone-root}/abc/xyz/nuke ==== Browser shows: Insufficient Privileges You do not have sufficient privileges to view this page. If you believe you are receiving this message in error, please send an e-mail to" ==== The events.log shows: 2005-10-17T16:16:34 ERROR(200) SiteError http://localhost:8080/PloneRoot/abc/xyz/nuke Traceback (most recent call last): File "/usr/local/zope/lib/python/ZPublisher/Publish.py", line 101, in publish request, bind=1) File "/usr/local/zope/lib/python/ZPublisher/mapply.py", line 88, in mapply if debug is not None: return debug(object,args,context) File "/usr/local/zope/lib/python/ZPublisher/Publish.py", line 39, in call_object result=apply(object,args) # Type s<cr> to step into published object. File "/usr/local/zope/lib/python/Shared/DC/Scripts/Bindings.py", line 306, in __call__ return self._bindAndExec(args, kw, None) File "/usr/local/zope/lib/python/Shared/DC/Scripts/Bindings.py", line 343, in _bindAndExec return self._exec(bound_data, args, kw) File "/usr/local/zope/lib/python/Products/PythonScripts/PythonScript.py", line 324, in _exec result = f(*args, **kw) File "Script (Python)", line 16, in mlt File "/usr/local/zinstance/Products/CMFPlone/PloneFolder.py", line 306, in manage_delObjects raise Unauthorized, ( Unauthorized: Do not have permissions to remove this object ==== The script is: ## Script (Python) "nuke" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title=My Test Script ## from Products.PythonScripts.standard import html_quote objid = context.getId() folder = context.aq_inner.aq_parent mylog = folder.plone_log ##### ## DELETION CRITERIA CHECKS OMITTED #### # So, now we delete it... member = context.portal_membership.getAuthenticatedMember() mylog( "%s deletes (%s) from (%s)" %\ (member.id, context.absolute_url(), folder.absolute_url())) resp = folder.manage_delObjects( [objid] ) mylog( "folder.{%s}.manage_delObjects(['%s'] = {%s}\nCTX=%s" % (folder.absolute_url(), objid, folder.dumpIt( resp ), folder.absolute_url())) mylog( "Remaining: " + str(folder.objectIds()) ) # Set 'text' for the portal_status_message text = "No exceptions deleting '%s'" % objid if objid in folder.objectIds(): text += " / ID is still there" else: text += " / ID is gone" if context in folder.objectValues(): text += " / OBJECT is still there" else: text += " / OBJECT is gone" context.REQUEST.RESPONSE.redirect( folder.absolute_url() + '?portal_status_message=' + html_quote(text))