-----Original Message----- From: Howard Clinton Shaw III [mailto:shawh@sths.org] Sent: Wednesday, June 09, 1999 05:32 To: Jay, Dylan Cc: 'zope@zope.org' Subject: RE: [Zope] RE: What method do I use to check access? (and how do I do 'getitem' in an external method?)
On Mon, 07 Jun 1999, Jay, Dylan wrote: <snip>
Ok, I'm still working on the problem. I've come upon a snag
however. If I
pass in SomeObject above I will get an "You are not authorized to access SomeObject" error. So instead I need to pass in the object id and get the object myself. However I have had no luck working out how to do this. What I need is the getitem method in an external method. Searching through all the code as left me none the wiser.
Here's the closest I have.
from AccessControl.Permission import Permission
def hasPermission(self, pname, objName, AUTHENTICATED_USER): SomeObject = self.__getitem__(objName)
try this. SomeObject = eval('self.'+pname)
However, indications from the above are that it might give an error; if so, can be much easier.... try: SomeObject = eval('self.'+pname) except: # He ain't allowed to do that else: # He is allowed to do that
And not have to fight with any permissions stuff.
Don't think that will ever work because there is NO validation of security inside an external method. This might work if it was done in dtml and there was a way of catching exceptions. However I believe this would be an expensive way of doing it if evaluating the object was expensive.