5 Apr 2000, 8:19 a.m.
On Tue, 4 Apr 2000 a.wacknitz@francotyp.com wrote:
manage_clone() is only allowed to managers. How can I authorize a user without "AUTHENTICATED_USER.has_role('Manager')" to use this method? I
You want to give your method that calls manage_clone a "proxy" role of manager.
But isn't this a security hole? I don't want a user who guesses the name of the method to call the method with arbitrary parameters and do things he is not supposed to do...
Andreas