getSecurityManager.getUser() in __getitem__ Was: [Zope] Method with Dot in the name

Dieter Maurer dieter@handshake.de
Sun, 24 Nov 2002 19:15:55 +0100


Thomas Guettler writes:
 > ... calling "__getitem__" during URL traversal ...
 > It works 95%. Since no REQUEST is given to __getitem__ I get
 > it like this: 
 > 
 > if hasattr(self, 'REQUEST'):
 >     request=self.REQUEST
 > 
 > This or something differnt
No, it does not -- see below.
 > seems to change the result
 > of getSecurityManager().getUser(): I always get the
 > anonymous user.
This is because authentication is done at the end of traversal.

   When you use "__getitem__" during traversal, the user is not yet
   determined.

 > Does someone know why getUser() in __getitem__ is diffent than in
 > other methods?
It is not. Any method used during traversal will behave identically
in this respect.

 > The next thing is working, but it is not nice: the call to
 > __getitem__() returns the content of a file to the browser. But Zope
 > misses the docstring of the string. I solved by adding the content to
 > the request object and returning a function which returns this, but a
 > nicer solution would be better:
You can solve both problems by returning a wrapper object for your
file.

Ensure, that your wrapper class inherits from "Acquisition.Explicit/Implicit"
and that you wrap it in the objects context.

Give its "__call__" method a docstring and let it render the file content.
Protect it as you find useful. This way Zopes security mechanism
ensures authorized access only.

You can also replace "__getitem__" by "__bobo_traverse__" (when you like).


Dieter