[Zope-dev] ZCatalog: hiding search results from unauthorized users - hack
Casey Duncan
casey@zope.com
Tue, 02 Apr 2002 11:05:30 -0700
The problem with this solution is that you must wake up every object
found, thus negating the performance/memory advantages of ZCatalog's
lazy result sets.

Since you said (in your other message) that the restriction is by role,
couldn't you just index the roles allowed to view a given object and
then filter on that index? The caveat with that is that you would need
to reindex whenever the access settings changed. So, this would need to
be done in such a way in your application so that the objects could be
indexed when the security settings changed. This would make implicit
(acquired) security changes difficult to handle.

On the bright side, you wouldn't need to subclass ZCatalog, or bring all
the results into memory and validate each one. That's *extremely*
expensive. All you would need to do is create a method or python script
that returned a list of roles allowed to "view" an object, and then
create a keyword index on this method/script.

hth,
Casey

Igor Stroh wrote:
> Hi all,
>
> in case someone has the same problem as me (see "ZCatalog - hiding query
> results" thread for more info) - I got a solution:
>
> - create a product that subclasses ZCatalog
> - in this product overwrite ZCatalog.getobject with
>
> def getobject(self, rid):
>     """foo"""
>     obj = self.aq_parent.unrestrictedTraverse(self.getpath(rid),\
>         restricted=1)
>     return obj
>
> - create a python script in your catalog (e.g. "filterCat") with a
> parameter that represents the catalog itself ("brains" here):
>
> retval = []
> for brain in brains:
>     try:
>         obj = container.getobject(brain.getRID())
>         retval.append(brain)
>     except:
>         pass
> return retval
>
> - adjust your catalog query reports, so that they call
> "filterCat(_['<catalogname>'])" instead of <catalogname>
>
> Now your users see only those hits in a query which apply to objects they
> are allowed to "View".
>
> greetings,
> Igor
>
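
The index-based filtering suggested in the reply, as an added example that is not part of the original thread and is not Zope or ZCatalog code: a pure-Python model of a keyword index over the roles allowed to view each object. The class, its method names and the sample objects are hypothetical and constructed; it contrasts the index-only filter with the per-object check and shows the reindex caveat.

```python
# Added example: pure-Python model, not Zope/ZCatalog code; all names are hypothetical.

class RoleIndexedCatalog:
    def __init__(self):
        self.objects = {}     # rid -> object; stands in for the object database
        self.view_index = {}  # role -> set of rids; the keyword index
        self.loads = 0        # number of objects woken up by searches

    def allowed_roles(self, obj):
        # Stand-in for the method/script returning the roles allowed to "view".
        return set(obj["view_roles"])

    def index(self, rid, obj):
        # (Re)index: drop old postings first so revoked roles disappear.
        for rids in self.view_index.values():
            rids.discard(rid)
        self.objects[rid] = obj
        for role in self.allowed_roles(obj):
            self.view_index.setdefault(role, set()).add(rid)

    def search(self, user_roles):
        # Index-only filter: union the posting sets, load no object.
        hits = set()
        for role in user_roles:
            hits |= self.view_index.get(role, set())
        return sorted(hits)

    def search_by_waking(self, user_roles):
        # Per-object check: every candidate is loaded and inspected.
        hits = []
        for rid, obj in self.objects.items():
            self.loads += 1
            if self.allowed_roles(obj) & set(user_roles):
                hits.append(rid)
        return sorted(hits)


def demo():
    cat = RoleIndexedCatalog()
    cat.index(1, {"view_roles": ["Anonymous", "Member"]})
    cat.index(2, {"view_roles": ["Manager"]})
    cat.index(3, {"view_roles": ["Member", "Manager"]})
    before = cat.search(["Member"])
    cat.objects[3]["view_roles"] = ["Manager"]  # access revoked, no reindex
    stale = cat.search(["Member"])              # index still lists rid 3
    cat.index(3, cat.objects[3])                # reindex on security change
    fresh = cat.search(["Member"])
    checked = cat.search_by_waking(["Member"])
    return before, stale, fresh, checked, cat.loads
```

In `demo()`, `stale` still contains rid 3 after the role was removed, so an index of this kind returns hits the user may no longer view until the object is reindexed.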