[Zope] Scripts run as least privileged user necessary?
Ken Causey
ken at kencausey.com
Fri Aug 29 11:27:15 EDT 2003
I'm running into a strange problem. I have a situation in which I want
a script to treat Managers differently than other users. But I'm
finding that whether or not I'm logged in as a manager or not the script
only considers the user to be 'Anonymous User' as long as 'Anonymous'
has View privilege for the script. If I change the Security permissions
so that only 'Authenticated' can View the script then the user is
properly identified. Is this expected behaviour? This is what I'm
seeing on 2.6.1.
As a test create a script with
return _.SecurityGetUser()
be sure to bind '_' to Namespace. Set that script so that the View
privilege is allowed for 'Anonymous'. Stay logged in and run the
script. Then change it so only 'Authenticated' as the View privilege,
run it again. The behavior changes based on the permissions.
Ken Causey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.zope.org/pipermail/zope/attachments/20030829/cf814e82/attachment.bin
More information about the Zope
mailing list