<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Dieter Maurer wrote:
<blockquote cite="mid17234.34171.762401.734543@gargle.gargle.HOWL"
type="cite">
<pre wrap="">Nikko Wolf wrote at 2005-10-14 15:37 -0600:
</pre>
<blockquote type="cite">
<pre wrap="">I'm trying to allow users to delete objects that have been accidentally
created. I have criteria for what that means, but since I *DO NOT* want
them to delete object except by this method, I want to avoid granting
"Delete objects" to them (non-Managers).
Can this even be done? At the base level, "Delete objects" is a
hard-coded requirement of the ObjectManager.manage_delObjects() function.
</pre>
</blockquote>
<pre wrap=""><!---->
Usually, an "External Method" is not restricted by Zope's
security.
Unless "manage_delObjects" does not perform an additional
internal check (I think, it does not), your "External Method"
can use it to delete objects.
</pre>
</blockquote>
My question stemmed from the fact that (for reasons I cannot not
duplicate), I was repeatedly getting Unauthorized exceptions using the
manage_delObjects() function. Thus, I moved the functionality into an
External Method, intending to avoid the restrictions.<br>
<br>
But even there, throughout changes too numerous to remember now, the
Unauthorized problem persisted. Then, after snooping around I found
code in zope/lib/python/OFS/ObjectManager.py that set
__ac_permissions__ with an entry:<br>
('Delete objects', ('manage_delObjects',))<br>
<br>
... hence my thought was that the ObjectManager class had the
requirement builtin at the source code level. Even trying new
security context (created from within the External Method) did not work.<br>
<br>
After many hours of effort and debugging, I find that it works in a
"Script (Python)" with precisely the same code that I (thought I) used
originally. Obviously, something is different, but unless it was a
subtle typo that compiled correctly and worked (but not as desired) I
cannot fathom what has changed.<br>
<blockquote cite="mid17234.34171.762401.734543@gargle.gargle.HOWL"
type="cite">
<pre wrap="">
BTW: Often, it is more faster simply to try something than
to post a question to the mailing list and wait for the answer.
Your question above is such a case ...
</pre>
</blockquote>
Indeed, I know that well. I *had* tried a multitude of variations
before sending; and I'd originally included details in the first
posting, but deleted it before I sent it since the question seemed to
stand on its own.<br>
<br>
Thanks anyway,<br>
Nikko<br>
<br>
</body>
</html>