28 Dec
2001
28 Dec
'01
4:40 p.m.
Douwe Osinga writes:
... Giving the Author role permissions on changing the articles and the properties of the articles and the viewers only permission to view the articles gets you quite far. Then I was planning on using proxy roles to help the Viewers comment the articles. One script, PostComment, has a proxy role Author. Now, this works fine, as long as PostComment only calls Zope defined methods. If PostComment calls any method I wrote for my own z-classes and that method calls manage_changeProperties() for example, a security exceptions is thrown. From Zope 2.2 on, Proxy Roles are no longer inherited by called Zope objects. Each such object must get its own proxy role...
Dieter