RE: [Zope] RE: What method do I use to check access?
-----Original Message----- From: Michel Pelletier [mailto:michel@digicool.com] Sent: Thursday, May 13, 1999 15:51 To: Jay, Dylan; 'Martijn Pieters'; 'Jason Spisak'; zope@zope.org Subject: RE: [Zope] RE: What method do I use to check access?
I want a method such that <!--#if "AUTHENTICATED_USER.hasPermission('View',myDoc)"--> or something similar.
I've never seen or used anything like this, so perhaps you may want to try to refactor your problem, otherwise:
Users don't have permissions, Users have roles. Using the security screen in the managment interface, you map which roles have which permissions, and when you create Users, you give them roles. If your user is in a Role which has the 'View' permission associated with it, then you don't need to do the #if check. I think maybe what your looking for is "Do any of my User's *Roles* map to the permission x?". (Not using 'View' as an example because anonymous maps to 'View' by default)
This would require a bit of tinkering, but it could be done with AUTHENTICATED_USER.getRoles() and rolesOfPermission(x). You may also want to talk a look at AccessControl/Roles.py, there are several methods defined in there to exampine roles and permissions, like permissionsOfRole (the inverse of rolesOfPermision) and acquiredRolesAreUsedBy.
I've looked at rolesOfPermission etc and they don't seem to give what I want in that they don't recursivly check parent permissions if permissions are aquired. What I really want is an easy way conditionally include something based on weather the user can view it (or maybe another permission). I don't want to have to hard code the roles as this is duplicating code. What I want is <!--#if "AUTHENTICATED_USER.hasPermission(SomeObject, 'View')"--> <a href="<!--#var "SomeObject.absolute_url()"-->">Goto SomeObject</a> <!--#/if--> The link will only appear if the user can actually go to it. This must be possible as somewhere in the code this validation must happen already. I've tried looking but really need some help.
I've looked at rolesOfPermission etc and they don't seem to give what I want in that they don't recursivly check parent permissions if permissions are aquired. What I really want is an easy way conditionally include something based on weather the user can view it (or maybe another permission). I don't want to have to hard code the roles as this is duplicating code. What I want is <!--#if "AUTHENTICATED_USER.hasPermission(SomeObject, 'View')"--> <a href="<!--#var "SomeObject.absolute_url()"-->">Goto SomeObject</a> <!--#/if-->
The link will only appear if the user can actually go to it. This must be possible as somewhere in the code this validation must happen already. I've tried looking but really need some help.
I don't normally do this, but: Me Too :-) Seriously, if there is a simple way to do it (preferably like the above), I am all ears(eyes)!
On Wed, 26 May 1999, Bill Anderson wrote:
I've looked at rolesOfPermission etc and they don't seem to give what I want in that they don't recursivly check parent permissions if permissions are aquired. What I really want is an easy way conditionally include something based on weather the user can view it (or maybe another permission). I don't want to have to hard code the roles as this is duplicating code. What I want is <!--#if "AUTHENTICATED_USER.hasPermission(SomeObject, 'View')"--> <a href="<!--#var "SomeObject.absolute_url()"-->">Goto SomeObject</a> <!--#/if-->
The link will only appear if the user can actually go to it. This must be possible as somewhere in the code this validation must happen already. I've tried looking but really need some help.
I don't normally do this, but: Me Too :-)
Seriously, if there is a simple way to do it (preferably like the above), I am all ears(eyes)!
You might have to use an ExternalMethod to access it, but try for i in AUTHENTICATED_USER.getRoles(): if i in SomeObject._View_Permission.getRoles(): return 1 return 0 I think the _ in front of _View_Permissions will force you to use an external method, but once you write the method, you could call it like <!--#if "hasViewPermission(SomeObject, REQUEST)"--> <a href="<!--#var SomeObject.absolute_url()"-->">Goto SomeObject</a> <!--#/if--> I haven't tested this, and I don't know for sure that the _View_Permission.getRoles() will work... Good luck.
_______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope
(For developer-specific issues, use the companion list, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
-- Howard Clinton Shaw III - Grum St. Thomas High School #include "disclaimer.h"
participants (3)
-
Bill Anderson -
Howard Clinton Shaw III -
Jay, Dylan