[Zope] newSecurityManager w/ LDAPUserFolder still doesn't work for me!

Brad Clements bkc at murkworks.com
Sun Oct 26 11:39:16 EST 2003


I'm using Zope 2.7.0 a1

I want to be able to 'su' as another user within Zope if a PythonScript is called with valid 
REQUEST.form values.

Attached below is my extension method, which sorta works. The problem is that after I 
call newSecurityManager, the 'new user' doesn't have View rights to the User object, so 
calling getProperty() on it fails. I'm using LDAPUserFolder.

It seems this should work, but doesn't. I've tried various combinations of .__of__ 
wrapping of the user object. Nothing works.

The following extension method, when called correctly, produces this output:

current user is  backend with roles ('SU', 'Authenticated')
has view on user object? 1
set user is  darcie with  roles ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
has view on user object? 0

This extension module is called like so from PythonScript:

from AccessControl import getSecurityManager

context.processSU(context)
user = getSecurityManager().getUser()

orgid = user.getProperty('orgid',None)

I get "Unauthorized" on the getProperty call if processSU() has switched the user.

--


from AccessControl import getSecurityManager
from AccessControl.SecurityManagement import newSecurityManager

# Role the caller must already hold before it may switch user. The post does
# not show where this is defined; 'SU' is assumed here because it is the role
# the 'backend' user carries in the output above.
suRequiredRole = 'SU'


def processSU(context, request=None):
    """Given an acquisition context and request context, become the specified user.

       If request.form has a variable named _su and that specifies a valid user,
       then we'll become that user.

       _su must be the dn of an LDAP user to become.
    """

    if not request:
        request = context.REQUEST

    su = request.form.get('_su')
    if not su:
        return

    # Check that the caller is allowed to switch users at all.
    sm = getSecurityManager()
    currentUser = sm.getUser()
    print "current user is ", repr(currentUser), "with roles", currentUser.getRoles()
    print "has view on user object?", currentUser.has_permission('View', currentUser)
    if not currentUser.has_role((suRequiredRole,)):
        # this is an error
        raise RuntimeError("Insufficient rights to ZopeSecurityTool process 1")

    # Look the target user up by DN in the LDAPUserFolder.
    userFolder = context.acl_users
    newUser = userFolder.getUserByDN(su)
    if newUser is None:
        raise RuntimeError("Specified user not found")

    # Wrap the user object in the user folder's acquisition context before
    # handing it to the security machinery.
    newUser = newUser.__of__(getattr(userFolder, 'aq_base', userFolder))
    newSecurityManager(None, newUser)

    # Re-read the security manager to see who we are now.
    sm = getSecurityManager()
    newUser = sm.getUser()
    print "set user is ", repr(newUser), "with  roles", newUser.getRoles()
    print "has view on user object?", newUser.has_permission('View', newUser)




-- 
Brad Clements,                bkc at murkworks.com   (315)268-1000
http://www.murkworks.com                          (315)268-9812 Fax
http://www.wecanstopspam.org/                   AOL-IM: BKClements