Hi all, When I face a situation like Brian describes I am used to using Proxy roles on the publicly available script to give it permission to do the restricted actions. Is that a good approach or should I not use this?
One of the difficulties when using Proxy roles is that they do not propagate to the scripts/methods being called by the script that has the Proxy roles set. Regards, Bart PS. I'm new on the mailing list. My name is Bart Jansen and in my spare time I manage a couple of Zope2 sites for non-profit student sports clubs in the Netherlands. Op 18-12-2010 8:10, Andreas Jung schreef: > http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks > > (works only from trusted code like browser views or package code - not > from PythonScripts) > > -aj > > Brian Sullivan wrote: >> I am looking at a situation (an online self registry process) where I >> want to allow a user that is not logged in to be able to create a user >> and do a number of other functions normally reserved for and >> restricted to logged in users with a fairly elevated rights. I need to >> perform these functions from a Python script. > >> What is the best strategy for doing this? I am thinking that creating >> a separate python script that has elevated rights and allowing >> Anonymous access to it and calling it from a script that does not have >> elevated rights is the best strategy to manage it. Am I creating a >> huge security hole by doing this? >> _______________________________________________ >> Zope maillist - Zope@zope.org >> https://mail.zope.org/mailman/listinfo/zope >> ** No cross posts or HTML encoding! ** >> (Related lists - >> https://mail.zope.org/mailman/listinfo/zope-announce >> https://mail.zope.org/mailman/listinfo/zope-dev ) > > _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
