[Zope] RE: What method do I use to check access? (and how do I do 'getitem' in an external method?)

Jay, Dylan djay@lucent.com
Fri, 11 Jun 1999 10:25:37 +1000


> -----Original Message-----
> From: Howard Clinton Shaw III [mailto:shawh@sths.org]
> Sent: Wednesday, June 09, 1999 05:32
> To: Jay, Dylan
> Cc: 'zope@zope.org'
> Subject: RE: [Zope] RE: What method do I use to check access? (and how
> do I do 'getitem' in an external method?)
> 
> 
> On Mon, 07 Jun 1999, Jay, Dylan wrote:
> <snip>
> > 
> > Ok, I'm still working on the problem. I've come upon a snag 
> however. If I
> > pass in SomeObject above I will get an "You are not 
> authorized to access
> > SomeObject" error. So instead I need to pass in the object 
> id and get the
> > object myself. However I have had no luck working out how 
> to do this. What I
> > need is the getitem method in an external method. Searching 
> through all the
> > code as left me none the wiser.
> > 
> > Here's the closest I have.
> > 
> > from AccessControl.Permission import Permission
> > 
> > def hasPermission(self, pname, objName, AUTHENTICATED_USER):
> >   SomeObject = self.__getitem__(objName)
> 
> try this.
> SomeObject = eval('self.'+pname)
> 
> However, indications from the above are that it might give an 
> error; if so, can be
> much easier....
> try:
> 	SomeObject = eval('self.'+pname)
> except:
> 	# He ain't allowed to do that
> else:
> 	# He is allowed to do that
> 
> And not have to fight with any permissions stuff.

Don't think that will ever work because there is NO validation of security
inside an external method. This might work if it was done in dtml and there
was a way of catching exceptions. However I believe this would be an
expensive way of doing it if evaluating the object was expensive.