Danny William Adair wrote:
what's the fastest way to find out whether a specific role has a specific permission on a specific object? What's the fastest way to find out if it's acquired?
Even more interesting: How would I find out whether a specific role has a specific permission on a specific object, _taking_acquired_rights_into_account_??? In other words (management screen): "View" permission is not checked for the Anonymous role, but acquired. Therefore the "Anonymous" role maybe _does_ have the permission to "View" this object, through acquisition. Would I have to climb up the ladder manually and check every parent until acquisition has been "turned off", or is there some function - even if it's only available for an external method - that already does this work?
I looked through the ZMI pages (and the .py's under "lib/python/AccessControl") but couldn't find anything useful for this purpose. Iterating through permission_settings takes too long and I don't know how to access the specific roles/permissions directly (by name), mainly because mapping constructions like "p199r0" are not very handy...
I whined about this a little while ago under the subject "Determining Acquired Permissions?" on the 26th of March. The standard manage_access doesn't display the actual acquired permissions, just that they are acquired. Anyway, here's a code snippet I use to figure the roles allowed to"View". Feel free to expand the method to other roles and the full suite of permissions. The roles are obtained using self.valid_roles(). The permissions are obtained using self.ac_inherited_permissions(1). Spaces become underscores in permission names. def viewPermissions(self, acquired=0): ''' walk up the acquisition path to find a _View_Permission attribute... possibly _only_ the acquired permissions. ''' chain = self.aq_chain if acquired: chain = chain[1:] for self in chain: if hasattr(self.aq_base, '_View_Permission'): return self._View_Permission return ['Manager'] As I stated in my last email on this subject, I'm really uncomfortable using a 'private' attribute like _View_Permission in this way. I could see no other way to get the information though... Richard -- Richard Jones richard@bizarsoftware.com.au Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)