[Zope] Re: [Zope-dev] Security validation issue
Lennart Regebro
regebro at nuxeo.com
Wed Jan 28 10:15:53 EST 2004
[Replying to zope at zope.org, since zope-dev at zope.org is for development of
Zope, not development with Zope, whether I like it or not. :-)]
From: "Herman Geldenhuys" <hgeldenhuys at gims.com>
> if not AccessControl.getSecurityManager().validate(None, object,
>                                                    attributes[-1]):
>     raise UnauthorisedAccessException('Unauthorised: '
>                                       + originalAddress)
>
> This code works for any other default Zope type, but not mine. Did I
> perhaps forget a permission or something?
Hmm. You called a security manager's validate with the following parameters:
accessed=None # The object being accessed
container=bound method HWMenuItem.getVersion # The container of the object.
name="getVersion" # the username
value=None
roles=_noroles
This makes absolutely no sense to me whatsoever. What are you trying to
accomplish, and what are the expected effects?
I'm not 100% sure which is the best way to validate access, but normally you
use
user.allowed(object)
Maybe that doesn't work on methods? I haven't tried.
//Lennart