On Saturday, June 21, 2003, at 07:12 PM, Geir Bækholt wrote:
On Sat, 21 Jun 2003 18:00:11 +0100 GMT (..19:00 where i live(GMT+2) ) Matt Patterson asked the Zope mailinglist about the following:
You are not authorized to change addUserScript because you do not have proxy roles. (Also, an error occurred while attempting to render the standard error message.)
That error message is not very well-worded. It really means that *you*, the user assigning the proxy-role cannot assign roles you don't have yourself.
Ah, I see - hence why I, with the Manager role, could assign Manager as a proxy to the script...
So, if you set your manager-user up with the "adduser" role, you can freely asssign adduser-proxies whereever you like.
Cool.
but there is no danger related to assigning the "manager" role to the script if no non-managers are allowed to edit it.
Not even if the manage_edit interface was called on the script when it had the Manager proxy role? i.e. does this mean that proxy roles only apply when the script is __call__ed, and not when any of its other Zope methods (like manage_edit or document_src) are called...
You can read more about roles and proxies here : http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/ Security.stx
I did read that, but the example made me think that I had to be a Manager to assign any proxy roles - the example was confusing on that point... Many thanks for the prompt response! Matt -- Matt Patterson | Typographer <matt@emdash.co.uk> | http://www.emdash.co.uk/ <matt@reprocessed.org> | http://reprocessed.org/