[Zope-dev] getSecurityManager force auth in __bobo_traverse__

Craeg K Strong cstrong@arielpartners.com
Wed, 16 Oct 2002 14:07:34 -0400


I don't know, but this might help:

http://lists.zope.org/pipermail/zope-dev/2002-October/017701.html

It gives you the authenticated user, and you can call the authorization
machinery yourself by hand from there.

--Craeg

kosh@aesaeion.com wrote:
> On Wed, 16 Oct 2002, Chris Withers wrote:
> 
> 
>>kosh@aesaeion.com wrote:
>>
>>>I need to check if a user has a certain permission to decide to call a
>>>function during traversal however even though the browser is sending auth
>>>(I checked with ethereal) it seems that zope is not figuring out its
>>>security stuff until later.
>>
>>If this is in an access rule, the nread the mailing list archives ;-)
> 
> 
> I checked the list archives and this is not an access rule and I could not
> find any good search engines for the list archives to try and get a good
> answer.
> 
> 
>>PS: Short answer: you can't.
> 
> 
> I have to do it somehow there is really no choice in that even if I have
> to do the auth myself to an acl_user folder and follow it from there.
> However if I have to go that far then I would also have to say that the
> design of zopes security system is very flawed. There should be one
> function call to make to initialize the security environment needed that
> can be called from a python product.