[Zope-dev] getSecurityManager force auth in __bobo_traverse__

kosh@aesaeion.com kosh@aesaeion.com
Wed, 16 Oct 2002 19:47:44 -0600 (MDT)


On Wed, 16 Oct 2002, Chris Withers wrote:

> kosh@aesaeion.com wrote:
> > I need to check if a user has a certain permission to decide to call a
> > function during traversal however even though the browser is sending auth
> > (I checked with ethereal) it seems that zope is not figuring out its
> > security stuff until later.
>
> If this is in an access rule, the nread the mailing list archives ;-)

I checked the list archives and this is not an access rule and I could not
find any good search engines for the list archives to try and get a good
answer.

> PS: Short answer: you can't.

I have to do it somehow there is really no choice in that even if I have
to do the auth myself to an acl_user folder and follow it from there.
However if I have to go that far then I would also have to say that the
design of zopes security system is very flawed. There should be one
function call to make to initialize the security environment needed that
can be called from a python product.