Getting permission information in Python (hasRole/getRoles ?)
In a method of a (python) product, I need to select the objects (eg in a Folder) for which a visitor (REQUEST.AUTHENTICATED_USER) has a given permission (eg 'Access contents information'). I tried the following scheme: obj = the_item_to_be_tested if REQUEST.AUTHENTICATED_USER.hasRole( obj, ['Access contents information'])): # add obj to result list But hasRole() always returns None... I then tried to use the method getRoles(). The documentation (in Products/OFSP/help/AuthenticatedUser.py) says: def getRoles(object): """ Returns a list of the roles the user has on the given object (in the current context?) Permission -- Always available """ but when I try: REQUEST.AUTHENTICATED_USER.getRoles(obj) I get a TypeError. Strangely, I observed that without arguments, REQUEST.AUTHENTICATED_USER.getRoles() returns: ('Anonymous',) (for a request from 'Anoymous User'). So I need help from a Zope guru ! Emmanuel
OK, I found a solution to my problem, which looks like this: from AccessControl import getSecurityManager user = getSecurityManager().getUser() if user.has_permission( 'Access contents information', obj ): # do the job... BTW, the Zope API documentation (Zope Book, http://www.zope.org/Members/michel/ZB/AppendixB.dtml) seems outdated; there should be a warning: I prefer no documentation (but access to the source code :-) to incorrect or obsolete documentation !) Emmanuel
participants (1)
-
Emmanuel Viennet