[Zope] restricting permissions for direct access only

Michael Shulman shulman at mathcamp.org
Wed Feb 15 12:55:24 EST 2006

On 2/15/06, Chris Withers <chris at simplistix.co.uk> wrote:
> > But... it's still not working for my real site.  I think the issue is
> > this.  If script1 has proxy role Manager, and script2 has view
> > permissions set only for Manager, then script1 can call script2, no
> > problem.  But if script1 instead calls script3, which then calls
> > script2, it doesn't work unless script3 *also* has proxy role Manager.
> Yes, this was a deliberate change made a few major releases ago. I've
> never mich liked it myself for exactly the reason you describe. I wonder
> if anyone who knows could point out why this change was made, I'm sure
> the reasons were good...

Even if the reasons were good, it would be nice to have an option to
turn it on or off, even if the default is off.  At the very least, it
would be nice if this fact were documented.  (Is it somewhere and I
just missed it?)  It surprised me very much, and it would have
surprised and frustrated me even more if I'd written a site which
worked and then later on decided to split off the functionality of
some private script into a secondary one, unsuspecting that it would
break the proxy roles setup.


More information about the Zope mailing list