[Zope] Re: Create and edit by a script but not by management screens ...

Maik Jablonski maik.jablonski@uni-bielefeld.de
Mon, 23 Sep 2002 13:44:44 +0200


celio conort wrote:
> Hi !
> I just made a script called by a form , that create one Object and fill its
> properties
> 
> obj=context.manage_addProduct['MyProduct'].MyObj.createInObjectManager(id,
> {})
> 
> for p in baseFields[0].keys():
>          obj.propertysheets.propertie1.manage_changeProperties({p :
> request[baseFields[0][p]]})
> 
> the problem is that this script is called by Anonymous users and the object
> is stored in a temporary folder that i can moderate
> so in this folder, anonymous can "Add MyObjs" and "Manage Properties"
> but it's not secure at all !!
> but if i don't add thoose two permissions i can't create or edit the
> properties of this object :-(
> 
> any solution ?

set the proxy-role of your script to "Manager" [or a similiar role which 
has the rights to add and edit your objects]. then your script can be 
run by Anonymous as if Anonymous has the proper rights.

cheers, maik