[Zope-dev] getSecurityManager force auth in __bobo_traverse__
Craeg K Strong
cstrong@arielpartners.com
Wed, 16 Oct 2002 14:07:34 -0400
I don't know, but this might help:
http://lists.zope.org/pipermail/zope-dev/2002-October/017701.html
It gives you the authenticated user, and you can call the authorization
machinery yourself by hand from there.
--Craeg
kosh@aesaeion.com wrote:
> On Wed, 16 Oct 2002, Chris Withers wrote:
>
>
>>kosh@aesaeion.com wrote:
>>
>>>I need to check if a user has a certain permission to decide to call a
>>>function during traversal however even though the browser is sending auth
>>>(I checked with ethereal) it seems that zope is not figuring out its
>>>security stuff until later.
>>
>>If this is in an access rule, the nread the mailing list archives ;-)
>
>
> I checked the list archives and this is not an access rule and I could not
> find any good search engines for the list archives to try and get a good
> answer.
>
>
>>PS: Short answer: you can't.
>
>
> I have to do it somehow there is really no choice in that even if I have
> to do the auth myself to an acl_user folder and follow it from there.
> However if I have to go that far then I would also have to say that the
> design of zopes security system is very flawed. There should be one
> function call to make to initialize the security environment needed that
> can be called from a python product.