Forum OpenACS Q&A: Response to A question about the Request Processor

Posted by Andrew Piskorski on
In addition to checking a standard permission on a custom object, you
could instead check a custom permission on the package_id.  E.g.,
define a custom "script_foo_execute" privilege for your package, and
set/check whether the user has that permission on the package_id.  I'm
not sure which way would be better (cleaner or faster) in what cases.