[Zope] restricting permissions for direct access only
Chris Withers
chris at simplistix.co.uk
Wed Feb 15 03:34:57 EST 2006
Michael Shulman wrote:
> Okay, I must be the most moronic user ever. The default text in a
> newly created Python Script, which I did not bother to change for my
> test case, accesses meta_type, but I did not notice this; thus I was
> confused. (Just out of curiosity, what permissions are required to
> access meta_type?)
Depends, should be 'View', or most likely not protected at all, but I
guess you found an object where it was protected with something else...
> But... it's still not working for my real site. I think the issue is
> this. If script1 has proxy role Manager, and script2 has view
> permissions set only for Manager, then script1 can call script2, no
> problem. But if script1 instead calls script3, which then calls
> script2, it doesn't work unless script3 *also* has proxy role Manager.
Yes, this was a deliberate change made a few major releases ago. I've
never much liked it myself for exactly the reason you describe. I wonder
if anyone who knows could point out why this change was made, I'm sure
the reasons were good...
> Is there a way to make scripts inherit proxy roles from their
> callers?
Both I and you wish there was ;-)
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk