Things are better - but still not quite right. I'm guessing that ValidateValue wants an object rather than a string, since passing it a string as returned from context.filtered_manage_options() makes it return "False" every time. I found Validate and tried passing the string as the "name" argument, with the current context as the "container" argument, but then everything gets a "True" value; my dummy user account still gets presented with options that can't be used. Is there a way to make it only return true for those actions the current user can do? <start slight documentation rant> I suspect either a) I'm going to have to figure out how to get the actual object given the method name, or b) I'm still not understanding the Validate arguments. The document I found says that the first value, "Accessed", is "the object that was being accessed" - I left that as None, but is it asking for the current object (context) or the object that is the method? And for "value" it says "the value retrieved through the access" - I've been assuming that if I used the method name to get the method object, that would be what I'd properly pass for this argument, but I'm not 100% clear on this - and this is the same as the sole argument for ValidateValue. Help! <end rant> Thanks a bunch for following up, Dieter - the DTML/Python stuff was making me nuts. I'll do that feature request. - Am ============== my current code - everything passes, ============ ============== even when it shouldn't ========================== from AccessControl import getSecurityManager manage_options=context.filtered_manage_options() optionslist = [] for mopt in manage_options: print "testing", mopt['action'] if getSecurityManager().validate(None, context, mopt['action'], None): # the next test makes everything fail # if getSecurityManager().validateValue(mopt['action']): optionslist.append([mopt['action'], mopt['label']]) print "...passed" else: print "...failed" return printed ============================================== Dieter Maurer wrote:
A M Thomas writes:
Thanks, Dieter! This looks like exactly what I want. Documented in the Zope book and everything.
Of course, I'm trying to use it in a python script - tried context.SecurityValidateValue(stuff) - and it's giving me an attribute error, but I'm struggling with the flu and it could be anything. It is very unfortunate (and unnecessary) that DTML and Python Script use different security API's. Please file a feature request to the Collector.
In Python Scripts, you would use:
from AccessControl import getSecurityManager
getSecurityManager().validateValue(value)
In fact, that's what "SecurityValidateValue" does...
Dieter