[Zope-Checkins] CVS: Zope2 - dtml-funcs.stx:1.4

Amos Latteier amos@digicool.com
Mon, 9 Apr 2001 18:57:04 -0400 (EDT)


Update of /cvs-repository/Zope2/lib/python/Products/OFSP/help
In directory korak:/tmp/cvs-serv3269

Modified Files:
	dtml-funcs.stx 
Log Message:
Document DTML security functions.



--- Updated File dtml-funcs.stx in package Zope2 --
--- dtml-funcs.stx	2001/03/20 23:32:42	1.3
+++ dtml-funcs.stx	2001/04/09 22:57:03	1.4
@@ -149,7 +149,36 @@
       sequences of key-value tuples, with ordering done on the
       keys. This function is useful for constructing ordered select
       lists.
- 
+
+    SecurityCalledByExecutable() -- Return a true if the current
+    object (e.g. DTML document or method) is being called by an
+    executable (e.g. another DTML document or method, a script or a
+    SQL method).
+
+    SecurityCheckPermission(permission, object) -- Check whether the
+    security context allows the given permission on the given
+    object. For example, 'SecurityCheckPermission("Add Documents,
+    Images, and Files", this())' would return true if the current user
+    was authorized to create documents, images, and files in the
+    current location.
+
+    SecurityGetUser() -- Return the current user object. This is
+    normally the same as the 'REQUEST.AUTHENTICATED_USER'
+    object. However, the 'AUTHENTICATED_USER' object is insecure since
+    it can be replaced.
+
+    SecurityValidate([object] [,parent] [,name] [,value]) -- Return
+    true if the value is accessible to the current user. 'object' is
+    the object the value was accessed in, 'parent' is the container of
+    the value, and 'name' is the named used to access the value (for
+    example, if it was obtained via 'getattr'). You may omit some of
+    the arguments, however it is best to provide all available
+    arguments.
+
+    SecurityValidateValue(object) -- Return true if the object is
+    accessible to the current user. This function is the same as
+    calling 'SecurityValidate(None, None, None, object)'.
+
     str(object) -- Return a string containing a nicely printable
     representation of an object. For strings, this returns the string
     itself.