[Zope] NUXUserGroups Zope security

Sion Morris s.morris@bangor.ac.uk
Fri, 12 Jul 2002 13:18:25 +0100


Hi,

To get a list of users for a particular group (using NuxUserGroups) 
using the following python script

group=context.acl_users.getGroupById(groupname)
users=group.getUsers()
return users

I get an error: 'You are not allowed to access getUsers in this context'

In order to get the list I created an external method with the following 
based on stuff from ZopeLABS:

def get_list_of_users(self, groupName):
         acl_users = getattr(self, 'acl_users')
         groups  = acl_users.getGroupById(groupName).__of__(acl_users)
         usernames = groups.getUsers()
         return usernames

and it works.

So to access any methods of objects from a python script or DTML I have 
to create an external method? Is this right. Would some kind soul 
explain why this is the case or if I'm doing it incorrectly or I missed 
something.

I have read the security.declareProtected stuff on ZDG and noticed that 
getUsers has
security.declareProtected(ManageUsers, 'getUsers'). The python script 
above has a proxy role of manager which has permission to 'Manage users'.

Many thanks,

Sion