[Zope] DELETE Objects

Erik Billing erik at ekhagen.org
Tue Apr 18 17:59:01 EDT 2006


Ok. If proxy is the way to do it, then it is so, even thaw I still think
it's a little backwords. But you have a good point Stefan, of course objects
may be viewed as an property of the parent container, and the permissions
follows from that.  And of course it's not much of a problem to do the
security check inside the python script, the question was ment as to ask if
this was the right way, which you clearly answered :P
Thank you all for your comments.

/Erik

On 4/18/06, Alexis Roda <alexis.roda.villalonga at gmail.com> wrote:
>
> Erik Billing escribió:
> >
> > Ok. Thanx. But why is it like this? I imagine that deleting an object in
> > a folder where I do not have permission to delete every object, or the
> > folder itself, is a quite common task. Using the manage_delObjects and a
> > proxy really feels like I'm fighting the zope security instead of
> > getting support by it.
>
> Proxy roles are provided/supported by zope security machinery, where's
> the fight?
>
> > Or am I thinking wrong in the first place? What I really want to do is
> > letting users answer a question object and the answers should be stored
> > somewhere. A user must later be able to change or remove his answer, but
> > of course not the answers of any other user. I place all answers objects
> > belonging to a certain question in one folder, and I have the previously
> > mentioned situation.
>
> The only problem with proxy role (AFAICS) is users being able to delete
> answers from other users. In your current design the script with proxy
> role could (should) check if the current user is allowed to delete an
> answer (looking at some attribute). I don't see a big problem.
>
> > I know it is not that much of a problem to use a proxy, but if I can
> > change my design in some way so can avoid the proxy I imagine that would
> > be better.
>
> Well, store all answers from a user in the same folder.
>
>
>
>
> Sl.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060418/7287e867/attachment.htm


More information about the Zope mailing list