[Zope] Determining Local Roles

[Flynt]

Eric Vautour wrote:
> 
> Hello all,
> 
> I have a stumper here.  I am using the following code to determine the
> permissions of users
> 
> from AccessControl import getSecurityManager
> user = getSecurityManager().getUser()
> if user.has_permission('Change DTML Documents', ob):
> 
> This piece of code appears to detect appropriate permissions if the user is
> set up in an acl_users folder  however, this piece of code does not appear
> to work at the "local role" level.  That is to say that if I give "Jo"
> permissions to change the "index_html" document, the above code does not see
> "Jo" as having permissions to do so.
> 
> Is there any way to detect the permissions at the local role level?
> 
> Eric

Hello Eric,

Local roles often slip through the usually used role- and permission
checkings. I can't give you a direct answer to your question quickly
(without searching myself). However I can tell you, how to check for
roles in a certain context that way, that you get also the local roles.
This might give you a starting point.

I use local roles in one of our intranet sites to give users the ability
to let other users edit their personal wiki pages (if they are in the
mood, to do so). And I show in a sidebar, who has which roles (including
specifically set local roles) in a certain place or on a certain
document. For showing the roles of the currently authenticated user, I
use the following DTML in my sidebar:

<dtml-var expr="AUTHENTICATED_USER.getRolesInContext(this())">

(where I have to admit, that *AUTHENTICATED_USER* is not recommendable;
use instead your *getSecurityManager().getUser()*, it's better).

Instead of saying *getRolesInContext(this())*, you can also give a
certain object, which you want examine and use something like
*getRolesInContext(object)*.

Maybe, this helps you a little further.


Regards,

--- Flynt