[Zope] A thing about roles I don't get...

massimo massimop at users.berlios.de
Tue Sep 28 09:26:49 EDT 2004


Alexis Roda wrote:

> massimo wrote:
>
>> Jonathan Hobbs wrote:
>>
>>> From: "massimo" <massimop at users.berlios.de>
>>>  
>>>
>>>> I have a folder that should be 'operated' only by a certain group of
>>>> users so I created a local role and then activated the 'Access 
>>>> contents
>>>> information' permission only for this role (and for manager, just in
>>>>   
>>>
>>>
>>> case).
>>>  
>>>
>>>> Now I would like to test with a python script if the folder is
>>>> accessible to the current user, to build dynamically a menu so I tried
>>>> this script based on the one in the chapter 'Users and Security' of 
>>>> the
>>>> Zope Book:
>>>>
>>>> #################################################################
>>>> ## Script (Python) "check"
>>>> ##bind container=container
>>>> ##bind context=context
>>>> ##bind namespace=
>>>> ##bind script=script
>>>> ##bind subpath=traverse_subpath
>>>> ##parameters=
>>>> ##title=
>>>> ##
>>>> # Import a standard function, and get the HTML request and response
>>>>   
>>>
>>>
>>> objects.
>>>  
>>>
>>>> from Products.PythonScripts.standard import html_quote
>>>> request = container.REQUEST
>>>> RESPONSE =  request.RESPONSE
>>>>
>>>> from AccessControl import getSecurityManager
>>>> sec_mgr = getSecurityManager()
>>>> return sec_mgr.checkPermission('Access contents information',
>>>> context.restrictedTraverse('/path/to/folder'))
>>>> ##################################################################
>>>>
>>>> It doesn't work the way I hope, It ask me to authenticate claiming 
>>>> that
>>>> I'm not allowed to access the object.
>>>>
>>>> I suppose this is the correct behavior, probably I miss something that
>>>> is in front of my eyes, but a this point I really need a little 
>>>> help...
>>>> please
>>>>   
>>>
>>>
>>>
>>> It sounds like you need to set the Proxy role for your test python 
>>> script to
>>> allow it to access the target object.
>>>
>>>
>>> Jonathan
>>>
>>>
>>>  
>>>
>> well, I feel kinda stupid...
>> I was sure I had already tried it, but now that I checked before
>> answering you I found it working....
>>
>> I thank and apologize
>> massimo
>
>
> IIRC, if the script has proxy role anyone who has access to the script 
> can access the protected contents.
>
>
> Regards

only the script has the proxy role set and it only return true or false; 
there could be some problem I don't see?

massimo



More information about the Zope mailing list