-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Jung wrote:
I created a PyScript through the ZMI:
from AccessControl import getSecurityManager() print getSecurityManager().getUser().getRoles() print getSecurityManager().getUser().getRolesInContext(context) return printed
The script has the proxy role 'Manager'.
When I call the script as Anyonmous User then the output is always ('Anonymous',) for both calls. This happens with Zope 2.7.0, 2.7.6 and Zope 2.8.0. Shouldn't I see the Manager role in the output or am I just brain-dead today?
Proxy roles are an attribute of the callable, not the user; they can't be introspected that way. Check AccessControl.ImplPython.ZopeSecurityPolicy.validate, near the bottom, for how they are checked. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCyTIu+gerLs4ltQ4RAvXNAJ0UKsG4GT0FtyJwyyFbO08YLsmiywCcCcmP 2Rtuhcds6UZrkFAEVng1T58= =4ZA/ -----END PGP SIGNATURE-----