[Zope] Authentication from within External Methods
Dieter Maurer
dieter@handshake.de
Tue, 12 Feb 2002 20:58:39 +0100
Marc O. Sandlus writes:
> How can I authenticate a user (i.e. get his name and roles) from within
> an external (Python) method?
I read the mailing list in digest mode. This means, I already know
your grievances with Zope expressed in later messages.
And this allows me to make a sarcastic note:
The Zope documentation for External Methods seems to be comparable
in clarity with that of your question.
After this bit of sarcasm, I can get helpful again.
A later message tells that you want the user/role information
to make a permission check. Zope can make simple checks
for you automatically. You simple associate the
External Method's "View" permission with the roles that
should be allowed to call the method.
You can also use:
from AccessControl import getSecurityManager
user= getSecurityManager().getUser()
and then use "user.getUserName()" and "user.has_role" to get
the user name and role information.
A later message tells that you found out that "self" and
"REQUEST" is passed into an External Method. In fact,
any argument in the External Method's argument list
is passed in provided it is available in the request context.
You may read the "Web Publishing" section of
<http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html>
to find out more.
Finally, the section "Site building objects" in the above
reference tells a bit about the calling magic of External Methods.
Just to avoid you another day of frustration...
Dieter