At 07:33 AM 12/13/99 GMT, Thilo Mezger wrote:
Ross Boylan <RossBoylan@stanfordalumni.org> wrote:
I've been making some assumptions about how ownership works, and I'd appreciate it if anyone could tell me if they are right.
1) The owner of an object is the authenticated user when the script that creates it runs.
can you tell me how i can find out the owner of an object? i've been searching the source code for getOwner() methods or something like that but couln't find anything...
thilo
Unfortunately, I can't. It's something else I'd like to know. My guess is that it's part of the object database (bobobase) code. On the other hand, since permissioning is run by the object publisher, it can't be entirely there. I have turned up the following clues while poking around: 1. Here's how lib/python/ZPublisher/test.py pretends it's a user if u: import base64 env['HTTP_AUTHORIZATION']="Basic %s" % base64.encodestring(u) u is a string "username:password" env can be an empty dictionary 2. here's code from Client.py if (self.username and self.password and not headers.has_key('Authorization')): headers['Authorization']=( "Basic %s" % replace(encodestring('%s:%s' % (self.username,self.password)), '\012','')) 3. BaseRequest.traverse does the authorization checks, and the following variables figure in it: __allow_groups__ validate