<p class="MsoNormal"><span style="" lang="EN-GB"><br></span></p><p class="MsoNormal"><span style="" lang="EN-GB">Ok. If proxy
is the way to do it, then it is so, even thaw I still think it's a little backwords. But you have a good point Stefan, of course objects may be viewed as
an property of the parent container, and the permissions follows from that. <span style=""> </span>And of course it's not much of a problem to do
the security check inside the python script, the question was ment as to ask if this was the
right way, which you clearly answered :P </span></p>
<span style="font-size: 12pt; font-family: "Times New Roman";" lang="EN-GB">Thank you all for your comments.</span><span style="font-size: 12pt; font-family: "Times New Roman";" lang="EN-GB"></span><br>
<span style="font-size: 12pt; font-family: "Times New Roman";" lang="EN-GB"><br>/Erik<br></span><br><div><span class="gmail_quote">On 4/18/06, <b class="gmail_sendername">Alexis Roda</b> <<a href="mailto:alexis.roda.villalonga@gmail.com">
alexis.roda.villalonga@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Erik Billing escribió:<br>><br>> Ok. Thanx. But why is it like this? I imagine that deleting an object in
<br>> a folder where I do not have permission to delete every object, or the<br>> folder itself, is a quite common task. Using the manage_delObjects and a<br>> proxy really feels like I'm fighting the zope security instead of
<br>> getting support by it.<br><br>Proxy roles are provided/supported by zope security machinery, where's<br>the fight?<br><br>> Or am I thinking wrong in the first place? What I really want to do is<br>> letting users answer a question object and the answers should be stored
<br>> somewhere. A user must later be able to change or remove his answer, but<br>> of course not the answers of any other user. I place all answers objects<br>> belonging to a certain question in one folder, and I have the previously
<br>> mentioned situation.<br><br>The only problem with proxy role (AFAICS) is users being able to delete<br>answers from other users. In your current design the script with proxy<br>role could (should) check if the current user is allowed to delete an
<br>answer (looking at some attribute). I don't see a big problem.<br><br>> I know it is not that much of a problem to use a proxy, but if I can<br>> change my design in some way so can avoid the proxy I imagine that would
<br>> be better.<br><br>Well, store all answers from a user in the same folder.<br><br><br><br><br>Sl.<br></blockquote></div><br>