[Zope-CMF] _checkPermission problems
seb bacon
seb@jamkit.com
Thu, 28 Jun 2001 14:26:33 +0100
Hi,
I mailed the list a while ago about this problem, but it's still not
resolved:
_checkPermission(permission, obj) isn't working for me, even though I
can manually see that I do have the roles required for the specified
permission.
Looking at the code, _checkPermission calls _getAuthenticatedUser,
which calls getSecurityManager.
SecurityManagement.getSecurityManager() tries to get a SecurityManager for the
current thread, fails, and returns a default SecurityManager with a
context which sets the user to be Anonymous.
I presume the failure to grab a manager from the current thread is the
cause of my problems, but I'm in murky waters wrt SecurityManagement.
It seems that a manager is only keyed against a thread when validate()
is called, which apparently only happens at times like
PortalFolder._verifyObjectPaste.
< sound of head exploding >
Someone with SecurityZen, please help me understand :-) when / how
should the correct security manager be associated with a thread? does
this indeed sound like the cause of my problem?
seb
--
[] j a m k i t
seb bacon
T: 020 7749 7218
F: 020 7739 8683
M: 07968 301 336
W: www.jamkit.com