Q: filtering search results by checkPermission?
Hi, I'm trying to filter a search results list to remove documents which the current user doesn't have permission to view. I wrote a python script which tries to do just that. I call checkPermission('View', x.absolute_url) for every element in a doFormSearch result list, but it doesn't quite work. What should I use instead of "x.absolute_url" to find the object of a search result? --Noel # list_viewable = filterCheckPermissions(list_search_results) # # usage: # <dtml-let results="filterCheckPermissions(doFormSearch(REQUEST=REQUEST))"> # # from AccessControl import getSecurityManager checkPermission = getSecurityManager().checkPermission; return filter(lambda x: checkPermission('View', x.absolute_url), list)
Noel Burton-Krahn writes:
I'm trying to filter a search results list to remove documents which the current user doesn't have permission to view. I wrote a python script which tries to do just that. I call
checkPermission('View', x.absolute_url) You need to check the object itself, not its URL.
If "x" is an element of a catalog search, it is in fact not the object itself, but a proxy. You use its "getObject()" method to get at the object. Some objects are itself protected by the "View" permission. Then, even accessing them with "getObject" will raise an "Unauthorized" exception. Therefore, you use: allowed= 0 try: allowed= checkPermission('View',x.getObject()) except: pass Of course, this assumes, you have beforehand assigned "getSecurityManager().checkPermission" to "checkPermission". Dieter
participants (2)
-
Dieter Maurer -
Noel Burton-Krahn