Hello Andrew, Friday, December 27, 2002, 4:35:54 PM, you wrote:
Your suggestion to use proxy roles implies a scheme whereby either http://zope/protected/method is called through another method that adds the appropriate role via its proxy mechanism, or is itself set to proxy to the required role. The issue with this is that the proxy role is set at invoke time, instead of by logic within the method.
A.
set /zope/protected/method to be only accessible by managers. make /zope/public/invoker a pythonscript that has proxy role of manager. then you can do all your logic in your pythonscript, and have it return a pagetemplate suiting your needs : # script that invokes logic if (all_prerequisites_are_ok): zope.protected.method() context.REQUEST.RESPONSE.redirect('/zope/checked_out') else: return context.form_or_whatever_you_want_template() this way, no one (except managers) can access /zope/protected/method unless through /zope/public/invoker, which seems to be what you want.. - And you can check for your cookies aswell, but not as ugly as it would be in a template... :) -- Geir Bækholt geir@funcom.com Tools/HCI-developer Tools/Billing - Product Operations Funcom Oslo