Anonymous users and object editing


I'm looking for advice on how to go about the following. I need to have an IP restricted BrowserView (which is not the issue) which can be called by an anonymous user that can make changes on dexterity objects on the site. That anonymous user call will be coming from the another server.

My question is how do I go about setting up a BrowserView which will be executed by an anonymous user to make edits to objects on the site. I feel some sort of security bypass will be required. It is easy enough to get objects via unrestrictedTraverse but making edits seems restricted yet.

Or would it be easier using an external method? (which I'm not a fan of doing)


Do you need an actual form for users to access in the site to make changes? Or will it be sent to Plone as a request?

If it's the latter, I recommend using to accept a POST.

1 Like

@hietpasd A filesystem BrowserView is trusted python code and can do anything. The only time there are restrictions are when you are using TAL expressions, python scripts or other kinds of restricted python such as Rapido. So as long as its in your browserview there should be no issue.

we had a similar use case some years ago and we solved it with the help of @davisagli.

take a look at the code of this package (it's Grok based but you'll get the idea):

@ramiroluz has been contributing lately to this package, so maybe he can help you further.

1 Like

As @cdw9 asked, it's not clear if you want a human or software to do the edits. If software, you can (and probably should) still have it authenticate, to be on the safe side, since firewalls are not going to protect you 100%. Even if it's a human doing the editing "anonymously", you might still want to log the IP addresses, the way Wikipedia does it.

Yes it will be a process not a user doing the edits. There will be zero form fields passed into this process. All the process is going to do is updating cache data and sets it in the required dexterity objects. Only the server the plone site is running on will be able to call the process.

Thanks Dylan. You are right there are no restrictions which is perfect for our needs.

... it it was a user, one way could be to have a form / view that stores the fields 'somewhere else', then sends an email to confirm (together with a checksum), and the content is updated by clicking on the email link (which redirects to a browser 'confirm view'.

The confirm view could check for 'legal emails ( contains )