Hi,

I created a PyScript through the ZMI:

    from AccessControl import getSecurityManager
    print getSecurityManager().getUser().getRoles()
    print getSecurityManager().getUser().getRolesInContext(context)
    return printed

The script has the proxy role 'Manager'.

When I call the script as Anonymous User then the output is always ('Anonymous',) for both calls. This happens with Zope 2.7.0, 2.7.6 and Zope 2.8.0. Shouldn't I see the Manager role in the output or am I just brain-dead today?

Andreas
Andreas Jung wrote:
I created a PyScript through the ZMI:
    from AccessControl import getSecurityManager
    print getSecurityManager().getUser().getRoles()
    print getSecurityManager().getUser().getRolesInContext(context)
    return printed
The script has the proxy role 'Manager'.
When I call the script as Anonymous User then the output is always ('Anonymous',) for both calls. This happens with Zope 2.7.0, 2.7.6 and Zope 2.8.0. Shouldn't I see the Manager role in the output or am I just brain-dead today?
Proxy roles are an attribute of the callable, not the user; they can't be introspected that way. Check AccessControl.ImplPython.ZopeSecurityPolicy.validate, near the bottom, for how they are checked.

Tres.

--
Tres Seaver +1 202-558-7113 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
Andreas Jung <lists@andreas-jung.com> wrote:
I created a PyScript through the ZMI:
    from AccessControl import getSecurityManager
    print getSecurityManager().getUser().getRoles()
    print getSecurityManager().getUser().getRolesInContext(context)
    return printed
The script has the proxy role 'Manager'.
When I call the script as Anonymous User then the output is always ('Anonymous',) for both calls. This happens with Zope 2.7.0, 2.7.6 and Zope 2.8.0. Shouldn't I see the Manager role in the output or am I just brain-dead today?
Proxy roles are designed to provide additional rights to the restricted python machinery executing some Python Script or DTML. They don't propagate to the code called by them.

Florent

--
Florent Guillaume, Nuxeo (Paris, France)
CTO, Director of R&D
+33 1 40 33 71 59
http://nuxeo.com fg@nuxeo.com
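The behaviour described in the two replies above, as an added example that is not part of the thread and is not Zope's AccessControl code: a simplified Python 3 model in which the classes `User`, `Script`, `SecurityManager` and the helpers `run` and `demo` are hypothetical stand-ins. It assumes the access check consults only the innermost executing callable and omits the ownership checks.

```python
# Simplified model of proxy-role checking; hypothetical classes, not Zope's code.
class User:
    def __init__(self, roles):
        self._roles = tuple(roles)

    def getRoles(self):
        # Reports only the user's own roles; the executing script is never consulted.
        return self._roles

class Script:
    """Stand-in for a Python Script: proxy roles are stored on the callable."""
    def __init__(self, proxy_roles=()):
        self._proxy_roles = tuple(proxy_roles)

class SecurityManager:
    def __init__(self, user):
        self.user = user
        self.stack = []  # callables currently executing, innermost last

    def getUser(self):
        return self.user

    def validate(self, required_roles):
        """True if access to an object that needs one of required_roles is allowed."""
        proxy_roles = self.stack[-1]._proxy_roles if self.stack else ()
        if proxy_roles:
            # Proxy roles of the innermost callable replace the user's roles.
            return any(r in required_roles for r in proxy_roles)
        return any(r in required_roles for r in self.user.getRoles())

def run(sm, scripts, required_roles=("Manager",)):
    """Nest the given scripts (outermost first) and check access from the innermost."""
    sm.stack.extend(scripts)
    try:
        return sm.getUser().getRoles(), sm.validate(required_roles)
    finally:
        del sm.stack[-len(scripts):]

def demo():
    sm = SecurityManager(User(["Anonymous"]))
    plain, proxied = Script(), Script(proxy_roles=["Manager"])
    return {
        "plain": run(sm, [plain]),
        "proxied": run(sm, [proxied]),
        "proxied calls plain": run(sm, [proxied, plain]),
    }

if __name__ == "__main__":
    print(demo())
```

In every case the reported roles stay `('Anonymous',)`; only the access decision changes, and it reverts to denied once a script without proxy roles is the innermost callable.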
participants (3)
- Andreas Jung
- Florent Guillaume
- Tres Seaver