[Zope] newSecurityManager w/ LDAPUserFolder still doesn't work for me!
Brad Clements
bkc at murkworks.com
Sun Oct 26 11:39:16 EST 2003
I'm using Zope 2.7.0 a1.

I want to be able to 'su' as another user within Zope if a PythonScript is called with valid
REQUEST.form values.

Attached below is my extension method, which sorta works. The problem is that after I
call newSecurityManager, the 'new user' doesn't have View rights to the User object, so
calling getProperty() on it fails. I'm using LDAPUserFolder.

It seems this should work, but doesn't. I've tried various combinations of .__of__
wrapping of the user object. Nothing works.

The following extension method, when called correctly, produces this output:

    current user is backend with roles ('SU', 'Authenticated')
    has view on user object? 1
    set user is darcie with roles ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
    has view on user object? 0

This extension module is called like so from PythonScript:
from AccessControl import getSecurityManager
context.processSU(context)
user = getSecurityManager().getUser()
orgid = user.getProperty('orgid',None)

I get "Unauthorized" on the getProperty call if processSU() has switched the user.

--
from AccessControl import getSecurityManager
from AccessControl.SecurityManagement import newSecurityManager

# Role the caller must hold to switch users. The name is used below but its
# definition is not shown in the post; 'SU' is assumed from the sample output.
suRequiredRole = 'SU'

def processSU(context, request=None):
    """Given an acquisition context and request context, become the specified user
    if request.form has a variable named _su and if that specifies a valid user,
    then we'll become that user.
    su must be the dn of an ldap user to become
    """
    if not request:
        request = context.REQUEST
    su = request.form.get('_su')
    if not su:
        return
    sm = getSecurityManager()
    currentUser = sm.getUser()
    print "current user is ",repr(currentUser),"with roles", currentUser.getRoles()
    print "has view on user object?", currentUser.has_permission('View', currentUser)
    # Only a caller holding the required role may switch identity.
    if not currentUser.has_role((suRequiredRole,)):
        # this is an error
        raise RuntimeError("Insufficient rights to ZopeSecurityTool process 1")
    # Look up the target user by DN in the LDAPUserFolder.
    userFolder = context.acl_users
    newUser = userFolder.getUserByDN(su)
    if newUser is None: raise RuntimeError("Specified user not found")
    # Wrap the user in the (unwrapped) user folder, then install it as the
    # authenticated user for the rest of this request.
    newUser = newUser.__of__(getattr(userFolder,'aq_base', userFolder))
    newSecurityManager(None, newUser)
    sm = getSecurityManager()
    newUser = sm.getUser()
    print "set user is ",repr(newUser), "with roles", newUser.getRoles()
    print "has view on user object?", newUser.has_permission('View', newUser)
--
Brad Clements, bkc at murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
http://www.wecanstopspam.org/ AOL-IM: BKClements