newSecurityManager w/ LDAPUserFolder still doesn't work for me!
I'm using Zope 2.7.0 a1.

I want to be able to 'su' as another user within Zope if a PythonScript is called with valid REQUEST.form values.

Attached below is my extension method, which sorta works. The problem is that after I call newSecurityManager, the 'new user' doesn't have View rights to the User object, so calling getProperty() on it fails.

I'm using LDAPUserFolder.

It seems this should work, but doesn't. I've tried various combinations of .__of__ wrapping of the user object. Nothing works.

The following extension method, when called correctly, produces this output:

    current user is backend with roles ('SU', 'Authenticated')
    has view on user object? 1
    set user is darcie with roles ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
    has view on user object? 0

This extension module is called like so from PythonScript:

    from AccessControl import getSecurityManager
    context.processSU(context)
    user = getSecurityManager().getUser()
    orgid = user.getProperty('orgid',None)

I get "Unauthorized" on the getProperty call if processSU() has switched the user.

--

    from AccessControl import getSecurityManager
    from AccessControl.SecurityManagement import newSecurityManager

    # suRequiredRole is a module-level name; its definition is not shown in this post.

    def processSU(context, request=None):
        """Given an acquisition context and request context, become the specified user

        if request.form has a variable named _su and if that specifies a valid user,
        then we'll become that user.

        su must be the dn of an ldap user to become
        """
        if not request:
            request = context.REQUEST

        su = request.form.get('_su')
        if not su:
            return

        # Report who is making the request before switching.
        sm = getSecurityManager()
        currentUser = sm.getUser()
        print "current user is ",repr(currentUser),"with roles", currentUser.getRoles()
        print "has view on user object?", currentUser.has_permission('View', currentUser)
        if not currentUser.has_role((suRequiredRole,)):
            # this is an error
            raise RuntimeError("Insufficient rights to ZopeSecurityTool process 1")

        userFolder = context.acl_users
        newUser = userFolder.getUserByDN(su)
        if newUser is None:
            raise RuntimeError("Specified user not found")

        # Wrap the user in the user folder, then install it as the current user.
        newUser = newUser.__of__(getattr(userFolder,'aq_base', userFolder))
        newSecurityManager(None, newUser)
        sm = getSecurityManager()
        newUser = sm.getUser()
        print "set user is ",repr(newUser), "with roles", newUser.getRoles()
        print "has view on user object?", newUser.has_permission('View', newUser)

--
Brad Clements,              bkc@murkworks.com   (315)268-1000
http://www.murkworks.com                        (315)268-9812 Fax
http://www.wecanstopspam.org/                   AOL-IM: BKClements

Brad Clements wrote at 2003-10-26 11:39 -0500:
> I want to be able to 'su' as another user within Zope if a PythonScript is called with valid REQUEST.form values.
>
> Attached below is my extension method, which sorta works. The problem is that after I call newSecurityManager, the 'new user' doesn't have View rights to the User object, so calling getProperty() on it fails.
>
> I'm using LDAPUserFolder
> ....
>     newUser = newUser.__of__(getattr(userFolder,'aq_base', userFolder))

Try "newUser= newUser.__of__(userFolder)".

I am not sure it will work, but at least it is more correct than your version.

--
Dieter

On 26 Oct 2003 at 18:33, Dieter Maurer wrote:
> Brad Clements wrote at 2003-10-26 11:39 -0500:
> > I want to be able to 'su' as another user within Zope if a PythonScript is called with valid REQUEST.form values.
> >
> > Attached below is my extension method, which sorta works. The problem is that after I call newSecurityManager, the 'new user' doesn't have View rights to the User object, so calling getProperty() on it fails.
> >
> > I'm using LDAPUserFolder
> > ....
> >     newUser = newUser.__of__(getattr(userFolder,'aq_base', userFolder))
>
> Try "newUser= newUser.__of__(userFolder)".
>
> I am not sure it will work, but at least it is more correct than your version.

I had tried that first; it didn't work either. I thought maybe I had to unwrap the user folder acquired through the context object, that's why I added the getattr cruft.

In any case, newUser= newUser.__of__(userFolder) produces the same results.

Thanks for trying to help!

--
Brad Clements,              bkc@murkworks.com   (315)268-1000
http://www.murkworks.com                        (315)268-9812 Fax
http://www.wecanstopspam.org/                   AOL-IM: BKClements