Hello warriors, what's the fastest way to find out whether a specific role has a specific permission on a specific object? What's the fastest way to find out if it's acquired? Even more interesting: How would I find out whether a specific role has a specific permission on a specific object, _taking_acquired_rights_into_account_??? In other words (management screen): "View" permission is not checked for the Anonymous role, but acquired. Therefore the "Anonymous" role maybe _does_ have the permission to "View" this object, through acquisition. Would I have to climb up the ladder manually and check every parent until acquisition has been "turned off", or is there some function - even if it's only available for an external method - that already does this work? I looked through the ZMI pages (and the .py's under "lib/python/AccessControl") but couldn't find anything useful for this purpose. Iterating through permission_settings takes too long and I don't know how to access the specific roles/permissions directly (by name), mainly because mapping constructions like "p199r0" are not very handy... Thank you very much in advance for your help (dtml, pyhton, or docs I didn't see), Danny
Danny William Adair wrote:
what's the fastest way to find out whether a specific role has a specific permission on a specific object? What's the fastest way to find out if it's acquired?
Even more interesting: How would I find out whether a specific role has a specific permission on a specific object, _taking_acquired_rights_into_account_??? In other words (management screen): "View" permission is not checked for the Anonymous role, but acquired. Therefore the "Anonymous" role maybe _does_ have the permission to "View" this object, through acquisition. Would I have to climb up the ladder manually and check every parent until acquisition has been "turned off", or is there some function - even if it's only available for an external method - that already does this work?
I looked through the ZMI pages (and the .py's under "lib/python/AccessControl") but couldn't find anything useful for this purpose. Iterating through permission_settings takes too long and I don't know how to access the specific roles/permissions directly (by name), mainly because mapping constructions like "p199r0" are not very handy...
I whined about this a little while ago under the subject "Determining Acquired Permissions?" on the 26th of March. The standard manage_access doesn't display the actual acquired permissions, just that they are acquired. Anyway, here's a code snippet I use to figure the roles allowed to"View". Feel free to expand the method to other roles and the full suite of permissions. The roles are obtained using self.valid_roles(). The permissions are obtained using self.ac_inherited_permissions(1). Spaces become underscores in permission names. def viewPermissions(self, acquired=0): ''' walk up the acquisition path to find a _View_Permission attribute... possibly _only_ the acquired permissions. ''' chain = self.aq_chain if acquired: chain = chain[1:] for self in chain: if hasattr(self.aq_base, '_View_Permission'): return self._View_Permission return ['Manager'] As I stated in my last email on this subject, I'm really uncomfortable using a 'private' attribute like _View_Permission in this way. I could see no other way to get the information though... Richard -- Richard Jones richard@bizarsoftware.com.au Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)
Thank you very much, Richard! Cool! Still...
... Feel free to expand the method to other roles and the full suite of permissions. ...
Other *roles*? Roles are what's coming back, isn't it?
def viewPermissions(self, acquired=0): ''' walk up the acquisition path to find a _View_Permission attribute... possibly _only_ the acquired permissions. ''' chain = self.aq_chain if acquired: chain = chain[1:] for self in chain: if hasattr(self.aq_base, '_View_Permission'): return self._View_Permission return ['Manager']
"possibly _only_ the acquired permissions" - oops! Your snippet worked fine _if_ the view permission was acquired by that object. As soon as I turned off acquisition for the view permission of the object, it would still give me the acquired roles (that in fact were'nt acquired). What does the "if" statement look like that would return the object's own roles for the View Permission if acquisition was turned off? Naive Danny who doesn't know s... tried to put if hasattr(self.aq_base, '_View_Permission'): return self._View_Permission at the beginning of your code, but no effect. :-( But now I see how to access specific permissions and read their content (do I? I'll experiment with it), thank you very much! I will put a string.replace on top and pass the Permission to examine by string parameter, and call that whole stuff "getAllowedRoles". A "getGrantedPermissions" for examining a role should work similarly, right? def ac_inherited_permissions(self, all=0): set all to 1 and then... iterate through the list (tuple or list? list of tuples?) and check every "_current_Permission" if it contains the role? Thx once again, Danny btw: Isn't return['Manager'] at the end of your code obsolete (but safe)? Or is there anything special going on at the root level (isTopLevelPrincipiaApplicationObject)?
participants (2)
-
Danny William Adair -
richardï¼ bizarsoftware.com.au