I just learned something interesting about ATFolders in Plone. For the non-Plone readers, an ATFolder is Plone's take on a normal Zope Folder but based on Archetypes instead. To begin with, Plone overrides the function manage_addFolder which means that if you do context.portal_url.getPortalObject().manage_addFolder(...) in Plone you get an ATFolder instead of a normal Folder. Fair enough.

The problem I had was that ATFolders override the manage_delObjects() function not only is it's security defined in the container, it also does a security check within. I don't know why but I'm sure there's a reason. What this means is that you can't use some_at_folder.manage_delObjects([...]) in External Methods and expect no Unauthorized errors.

I solved this security problem I had by instead creating a normal Zope folder by doing it this way instead:


portal_root = self.portal_url.getPortalObject()
adder = portal_root.manage_addProduct['OFSP'].manage_addFolder
adder('PlainZopeFolder')

Comments

Your email will never ever be published.

Previous:
Associative arrays March 21, 2007 Web development
Next:
Is peanut butter the proof that evolution doesn't happen? March 29, 2007 Politics
Related by category:
Interesting lesson learnt on shortcut taking in usability August 2, 2007 Plone
TAL here hack in Plone April 28, 2005 Plone
World Plone Day here in London, England October 21, 2008 Plone