I just learned something interesting about ATFolders in Plone. For the non-Plone readers, an ATFolder is Plone's take on a normal Zope Folder but based on Archetypes instead. To begin with, Plone overrides the function
manage_addFolder which means that if you do
context.portal_url.getPortalObject().manage_addFolder(...) in Plone you get an ATFolder instead of a normal Folder. Fair enough.
The problem I had was that ATFolders override the
manage_delObjects() function not only is it's security defined in the container, it also does a security check within. I don't know why but I'm sure there's a reason. What this means is that you can't use
some_at_folder.manage_delObjects([...]) in External Methods and expect no
I solved this security problem I had by instead creating a normal Zope folder by doing it this way instead:
portal_root = self.portal_url.getPortalObject() adder = portal_root.manage_addProduct['OFSP'].manage_addFolder adder('PlainZopeFolder')