RE: [Zope] RE: What method do I use to check access? (and how do I do 'getitem' in an external method?)
-----Original Message----- From: Howard Clinton Shaw III [mailto:shawh@sths.org] Sent: Thursday, May 27, 1999 21:45 To: Jay, Dylan Cc: 'zope@zope.org' Subject: Re: [Zope] RE: What method do I use to check access?
On Wed, 26 May 1999, Jay, Dylan wrote:
The problem with your solution is that it doesn't take into account aquired permissions.
for i in AUTHENTICATED_USER.getRoles(): if i in SomeObject._View_Permission.getRoles(): return 1 return 0
Oops. Think I just sent a message to the list which you had already answered. OK, with respect to acquisition, the Permission object explicitly abandons (assuming I understand this right) acquisition by setting the obj it gets equal to obj.aq_base if such exists. Now this would be a severe kludge, but since encapsulation in python is largely imaginary, you could try this:
SomeObject._View_Permission=obj for i in AUTHENTICATED_USER.getRoles(): obj=SomeObject._View_Permission.obj if i in SomeObject._View_Permission.getRoles(): SomeObject._View_Permission=obj return 1 SomeObject._View_Permission=obj return 0
Or conceivably:
P = Permission('View','',SomeObject) P.obj=SomeObject for i in AUTHENTICATED_USER.getRoles(): if i in P.getRoles(): return 1
Ok, I'm still working on the problem. I've come upon a snag however. If I pass in SomeObject above I will get an "You are not authorized to access SomeObject" error. So instead I need to pass in the object id and get the object myself. However I have had no luck working out how to do this. What I need is the getitem method in an external method. Searching through all the code as left me none the wiser. Here's the closest I have. from AccessControl.Permission import Permission def hasPermission(self, pname, objName, AUTHENTICATED_USER): SomeObject = self.__getitem__(objName) P = Permission(pname,'',SomeObject) P.obj=SomeObject for i in AUTHENTICATED_USER.getRoles(): if i in P.getRoles(): return 1
On Mon, 07 Jun 1999, Jay, Dylan wrote: <snip>
Ok, I'm still working on the problem. I've come upon a snag however. If I pass in SomeObject above I will get an "You are not authorized to access SomeObject" error. So instead I need to pass in the object id and get the object myself. However I have had no luck working out how to do this. What I need is the getitem method in an external method. Searching through all the code as left me none the wiser.
Here's the closest I have.
from AccessControl.Permission import Permission
def hasPermission(self, pname, objName, AUTHENTICATED_USER): SomeObject = self.__getitem__(objName)
try this. SomeObject = eval('self.'+pname) However, indications from the above are that it might give an error; if so, can be much easier.... try: SomeObject = eval('self.'+pname) except: # He ain't allowed to do that else: # He is allowed to do that And not have to fight with any permissions stuff.
P = Permission(pname,'',SomeObject) P.obj=SomeObject for i in AUTHENTICATED_USER.getRoles(): if i in P.getRoles(): return 1 -- Howard Clinton Shaw III - Grum St. Thomas High School #include "disclaimer.h"
participants (2)
-
Howard Clinton Shaw III -
Jay, Dylan