Chris Withers wrote:
Rik,
Thanks for the help with the second problem. Not entirely convinced about the first one though... it seems quite a lot of effort to go through just to stop people executing the methods on their own. Especially given that it sounds like you'd have to go through the process for each method, and in a big site I can imagine there'd be quite a lot of these :(
Not quite. You will have to create the methods anyway, even in a big site and you could give them the proxy roles right at that time. Not much extra work, i'd think. For clarity: the executing methods have proxy roles, the executed just need to be protected
It's a shame there's no way to add a permission called 'execute' or similar to the security model. That permission could allow other objects to execute the method. You could then turn off the view permission, turn on the execute permission, and hey presto! problem solved...
so, that's what proxy roles are for. More so if you'd define a role called Execute. (and still, in either case you'd have to turn on the execute permission on each method just the same). Rik