I'm having a heck of a time with proxy roles.
My site has a 'mini-admin' role. Each mini-admin manages a few aspects
of a subgroup of users.
In particular, each mini-admin has to be able to give his users the
Customer local role on a specific folder.
This Script object more or less does it:

    pm = context.portal_membership
    pm.setLocalRoles(obj=context,
                     member_ids=[userid],
                     member_role='Customer')

Running it with proxy_roles (via the tab) of Customer and Manager works, but
only if the mini-admin, separately, is given Manager local_role on the
folder.
I don't understand how the proxy_roles setting interacts with the roles
the user running the script already has. Couldn't a script that was
proxied as Manager then be run as any authenticated user, and have
manager privileges?