[Zope] AW: [Zope] Problems with manage_clone
a.wacknitz@francotyp.com
Wed, 5 Apr 2000 10:19:46 +0200
>
> On Tue, 4 Apr 2000 a.wacknitz@francotyp.com wrote:
> > manage_clone() is only allowed to managers. How can I authorize a user
> > without "AUTHENTICATED_USER.has_role('Manager')" to use this method? I
>
> You want to give your method that calls manage_clone a "proxy" role
> of manager.
But isn't this a security hole? I don't want a user who guesses the name of
the method to call the method with arbitrary parameters and do things he is
not supposed to do...
Andreas