Noel Burton-Krahn writes:
I'm trying to filter a search results list to remove documents which the current user doesn't have permission to view. I wrote a python script which tries to do just that. I call
checkPermission('View', x.absolute_url) You need to check the object itself, not its URL.
If "x" is an element of a catalog search, it is in fact not the object itself, but a proxy. You use its "getObject()" method to get at the object. Some objects are itself protected by the "View" permission. Then, even accessing them with "getObject" will raise an "Unauthorized" exception. Therefore, you use: allowed= 0 try: allowed= checkPermission('View',x.getObject()) except: pass Of course, this assumes, you have beforehand assigned "getSecurityManager().checkPermission" to "checkPermission". Dieter