[Zope-CMF] Re: CMFCatalog question

Tres Seaver tseaver at palladion.com
Thu Nov 23 20:25:29 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fabio Corneti wrote:
> Hi all,
> some days ago I needed a way to have portal_catalog.searchResults support
> proxy roles;
> after a bit of searching I found this patch for CMFCatalog (which has been
> integrated
> into trunk):
> 
> http://www.zope.org/Collectors/CMF/380
> 
> In this patch, the current user roles are replaced by the proxy roles (if
> these are defined):
> 
> def _listAllowedRolesAndUsers(self, user):
>     effective_roles = user.getRoles()
>     sm = getSecurityManager()
>     if sm.calledByExecutable():
>         eo = sm._context.stack[-1]
>         proxy_roles = getattr(eo, '_proxy_roles', None)
>         if proxy_roles is not None:
>>>>         effective_roles = proxy_roles
>     result = list( effective_roles )
>     result.append( 'Anonymous' )
>     result.append( 'user:%s' % user.getId() )
>     return result
> 
> Should proxy roles completely overwrite user roles or they should be added
> like in the 
> example below?
> 
> effective_roles = list(effective_roles) + list(proxy_roles)

In the Zope2 security model, proxy roles are supposed to replace the
user's roles, rather than extending them.  If the script which has the
proxy role of Manager breaks for you using the patch, then you need to
grant any extra roles to the script as well (what roles are these, that
have permissions not granted to Manager?)


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZkoI+gerLs4ltQ4RAoMfAJoDTnaeHLkU0L9OHyFPHZpAUncoEgCfe3qR
r1OiO2hfw1fgNKT3rIuBib8=
=h/wC
-----END PGP SIGNATURE-----



More information about the Zope-CMF mailing list