on or about, Thursday, January 02, 2003, we have reason to believe that
Matthew Russell wrote something along the lines of :
> We have an existing system, where each of our customers (companys) gets
> a new subfolder of our site:
> e.g
> http://url:8080/customers/companyA
...
> However, say i want each company to call a method :
> getFinancialRecords(company, username)
> So I am thinking, is it possible to include my Product 'X' (that has the
> getFinancialRecords method) in the "customers" folder and still=20
> preservce security and access levels=3F
...
> Is there a better way that can i allow different levels of access to=20
> getFinancialRecords for different users of company 'A' for example=3F
if you start out with just an External Method , you could get a lot done
with little work.
external methods get passed 'self' by magic, so you could call it like
this :
<p tal:content=3D"here/getFinancialRecords" />
in your pagetemplate.
your external method could look something like this..
def getFinancialRecords(self):
from AccessControl import getSecurityManager
sec_mgr =3D getSecurityManager()
if sec_mgr.checkPermission('View management screens', self):
# the current user has permissions to view management screens on
# the current object, thus he should get the fincancial data
company =3D self.company
# assumes company to ba a property of each company's folder
Whatever code fetches the actual data
return data
else:
return "You do not have permissions to see financial data for this =
company"
:)
--=20
Geir B=E6kholt geir@funcom.com
Tools/HCI-developer
Tools/Billing - Product Operations
Funcom Oslo