[Zope] 'import' directory accesible from scripting.

[Luis Lavena]

Hello list,

I'm currently building a webapp to be used on intranets enviroments. We have
some folderish objects that contains what we call "Components" of our
webapp. Some of our developers export them as zexp to be imported later at
our customer running the webapp (adding functionality, like modules or
plugins).

We will like, instead to let our customer to access the ZMI to make the
import, provide a simplified way to do the job (we already have some
management screens that let the end-user remove the components or disable
them). Inside this interface we will like to offer a "upload component" or
something similar, so our customer just have to browse for the .zexp file we
have created and include in his running webapp.

Only authorized user have power to disable/remove components.

The thing is that the "import" directory is not accesible locally, nor by
us, nor by our customer (he run the web app form the intranet and not
sitting in the zope-box).

Q: Is there a way to handle the upload and import process by a product (to
be created) to bypass this security? or must relly on a limited FTP server
that only allow me upload information to the "import" directory?

We cannot do a XML-RPC (as proposed on irc) because the webapp of our
customer and our dev-box aren't directly connected (our customer don't have
the zope-box connected to internet, only intranet access).

Some suggestions will be really apreciated,

Please excuse my poor english, is not my mother language... and I'm very
tired (4AM here!)

Thanks,

Luis

PS: Please CC your answer because I'm currently not member of this list,
thanks.