[Zope] RDBMS Applications and direct calling of script(python)
and sql methods
Dylan Reinhardt
zope at dylanreinhardt.com
Fri Oct 10 11:41:05 EDT 2003
On Fri, 2003-10-10 at 06:14, Eric Merritt wrote:
> > Instead, have Zope provide you the name of the user
> > from its
> > authentication machinery. That's *much* harder to
> > spoof.
> >
> > To get this, cook up a Python script called get_user
> > and use this for
> > the code:
> >
> > ----
> > from AccessControl import getSecurityManager
> > return getSecurityManager().getUser().getUserName()
> > ----
> >
> > Now include a call to get_user() when you need to
> > pass in the username
> > as a parameter to your query.
>
> Thanks! I don't know why this didn't occure to me. It
> does however make good sense. Thanks for the info, I
> do have one more question though.
>
> Can I add to the user information?
It's not quite as easy to add properties to user objects as it is with
other objects. There's no TTW interface, but it can be done
programmatically... more importantly, there are other options.
For example, you could create a folder for each user that has their
username as its id. That folder could then store the userid property.
Looking up the id might then be as easy as:
context[get_user()].userid
Having these folders may allow for some nice Acquisition magic too.
Depending on the number of users you have, the easiest thing might be to
store a username:userid mapping somewhere and resolve from that, eg:
-----
my_map = {'bob':27, 'sally':38. ...}
return my_map.get(get_user())
-----
HTH,
Dylan
More information about the Zope
mailing list