[Zope] strange behaviour of user.has_permission

robert robert@redcor.ch
Wed, 7 May 2003 08:24:23 +0200


Stuart

Thank you very much for your explanation.

Since has_permission does not work I am using now allowed which seems to do=
=20
the trick

Robert

Am Mittwoch, 7. Mai 2003 06:12 schrieb Stuart Bishop:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday, May 3, 2003, at 06:33  AM, robert wrote:
> > Hi there,
> > I have a freshly created plone portal.
> > I added a user "schmid" with no roles at all
> > I added a document "Doc"
> >
> > Then I created a script that tested for all permissions wheter user
> > schmid has
> > it.
> > The following script returned  true on every permission.
> > This  is very wrong.
> > What is the problem ??
>
> user.has_permission is actually checking if the currently authenticated
> user (you) has the specified permission - not schmid.
>
> There is a Collector issue open about this behaviour
> (http://collector.zope.org/Zope/514/view), but nobody has gotten around
> to fixing it yet. Unless you feel like patching
> lib/python/AccessControl/User.py, you are going to have to find another
> way to do what you need.
>
> - --
> Stuart Bishop <zen@shangri-la.dropbear.id.au>
> http://shangri-la.dropbear.id.au/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (Darwin)
>
> iD8DBQE+uIfGh8iUz1x5geARApPIAJ0V139DLRKihF8o7nloVphetr6V/ACglLXJ
> h1cHF7i6cV2DcjpCrIYfUZc=3D
> =3DuYPc
> -----END PGP SIGNATURE-----

=2D-=20
mit freundlichen Gr=FCssen

Robert Rottermann
www.redCOR.ch