Tim Hicks wrote:
# 'self' is the plugin converter object folder = self.restrictedTraverse(path_to_folder) #Authenticate with the same acl_users as the original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user)
Urm, I don't know whether that'll work. If it doesn't error, you may experience weird security stuff happening later on...
Urm, hang on... ;-)
Just in case anyone's interested, I'VE MADE IT WORK! Sorry to shout, but I'm feeling pretty pleased with myself :-))). The problem was apparently the line reading; user = user.__of__(acl_users) I presume this was screwing up my context because when I change this to; user = user.__of__(self.aq_parent) # aq_parent is my ZOffice instance which appears in the ZMI things work just as I want. Interestingly, I first tried; user = user.__of__(self) # self is the plugin converter object I could use the troublesome 'getBody' method of ZOffice, but I couldn't use 'manage_addFolder'. I have very little clue what is actually going on here, but things are working (for now), so I'm happy. So, the lesson for me I guess is to be *very* careful when logging in a user programatically. I think acl_users.authenticate() returns an unwrapped user object, so when you wrap it, you need to be sure to put it in the right aquisition context. Trial and error is my best way of figuring out what that is :-(. cheers tim ps Should say a thank you to Shane H for his VerboseSecurity product that set my mind at rest about my security settings and permissions when trying to get to the bottom of this.