Nikko Wolf wrote at 2005-10-14 15:37 -0600:
I'm trying to allow users to delete objects that have been accidentally created. I have criteria for what that means, but since I *DO NOT* want them to delete object except by this method, I want to avoid granting "Delete objects" to them (non-Managers).
Can this even be done? At the base level, "Delete objects" is a hard-coded requirement of the ObjectManager.manage_delObjects() function.
Usually, an "External Method" is not restricted by Zope's security. Unless "manage_delObjects" does not perform an additional internal check (I think, it does not), your "External Method" can use it to delete objects. BTW: Often, it is more faster simply to try something than to post a question to the mailing list and wait for the answer. Your question above is such a case ... -- Dieter