[Zope] can't use filter to check permission?
Milos Prudek
prudek at bvx.cz
Thu Oct 9 09:56:05 EDT 2003
The following Python script, when invoked in a folder, should list all
ZPT methods that the current user can "View.
from AccessControl import getSecurityManager
checkPermission = getSecurityManager().checkPermission
def okPermissionView(item):
allowed= 0
try:
allowed= checkPermission('View', item)
except:
pass
return allowed
objects = context.objectValues('Page Template')
objects = filter(okPermissionView,objects)
for item in objects:
print item.getId()
return printed
It works for Managers (who can view anything), but it fails with
Unauthorized at the "objects = filter(..." line.
When I unfold the source so that filter is not used, it works without a
hitch. See the "unfolded" source below:
from AccessControl import getSecurityManager
checkPermission = getSecurityManager().checkPermission
objects = context.objectValues('Page Template')
for item in objects:
allowed= 0
try:
allowed= checkPermission('View', item)
except:
pass
if allowed:
print item.getId()
return printed
Does anybody know what's going on here???
--
Milos Prudek
_________________
Most websites are
confused chintzy gaudy conflicting tacky unpleasant... unusable.
Learn how usable YOUR website is! http://www.spoxdesign.com
More information about the Zope
mailing list