[Zope] restricting permissions for direct access only

Chris Withers chris at simplistix.co.uk
Wed Feb 15 03:34:57 EST 2006

Michael Shulman wrote:
> Okay, I must be the most moronic user ever.  The default text in a
> newly created Python Script, which I did not bother to change for my
> test case, accesses meta_type, but I did not notice this; thus I was
> confused.  (Just out of curiosity, what permissions are required to
> access meta_type?)

Depends, should be 'View', or most likely not protected at all, but I 
guess you found an object where it was protected with something else...

> But... it's still not working for my real site.  I think the issue is
> this.  If script1 has proxy role Manager, and script2 has view
> permissions set only for Manager, then script1 can call script2, no
> problem.  But if script1 instead calls script3, which then calls
> script2, it doesn't work unless script3 *also* has proxy role Manager.

Yes, this was a deliberate change made a few major releases ago. I've 
never mich liked it myself for exactly the reason you describe. I wonder 
if anyone who knows could point out why this change was made, I'm sure 
the reasons were good...

>  Is there a way to make scripts inherit proxy roles from their
> callers? 

Both I and you wish there was ;-)



Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

More information about the Zope mailing list