[Zope] Checking zope userfolder root
chrisf
chrisf@fagmed.uit.no
Thu, 19 Sep 2002 11:37:00 +0200
> Please stay on the list, I've not given up ;-).
> Since the try/except clause didn't work, it's quite clear that getattr
> isn't raising the exception. Maybe it happens inside ZopeFind.
>
> ZopeFind also has the possibility to limit search results based on
> permission (see the "advanced" tab under Find in the ZMI.
>
> IIRC, you can use something like
> ZopeFind(..., obj_permission=[list of permissions], obj_roles=[list of
> roles]), where you define which roles should have which permission on
> the object.
> Another possiblity is to use obj_expr="something", where something tests
> if the actual user is allowed to view the object.
>
> cheers,
> oliver
obj_expr="la_la_la": triggers the authorization window
I am using Jens Vagelpohl idea to get the AUTHENTICATED_USER aquired parent
directory and then checking to make sure the directory lies in the actual path.
Works well and is pretty quick.
Thanks Chris