[Zope] RDBMS Applications and direct calling of script(python)
and sql methods
Eric Merritt
cyberlync at yahoo.com
Fri Oct 10 09:14:38 EDT 2003
> Instead, have Zope provide you the name of the user
> from its
> authentication machinery. That's *much* harder to
> spoof.
>
> To get this, cook up a Python script called get_user
> and use this for
> the code:
>
> ----
> from AccessControl import getSecurityManager
> return getSecurityManager().getUser().getUserName()
> ----
>
> Now include a call to get_user() when you need to
> pass in the username
> as a parameter to your query.
Thanks! I don't know why this didn't occure to me. It
does however make good sense. Thanks for the info, I
do have one more question though.
Can I add to the user information? At some point I
will need to look up the users numeric id to actually
query the user data. I seem to have read something
about attributes in the past, I may have to dig that
info up.
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
More information about the Zope
mailing list