[Zope3-Users] Permissions of a given object
Frank Burkhardt
fbo2 at gmx.net
Thu Jan 12 07:01:17 EST 2006
Hi,
On Thu, Dec 15, 2005 at 10:27:00AM +0100, Dominik Huber wrote:
> Frank Burkhardt wrote:
>
> >Hi,
> >
> >when I search using a catalog, I get a list of persistent objects
> >but maybe there are objects among them, the calling user
> >doesn't have permissions for.
> >
> >How do I check, if the current user (the one calling the view
> >which queries the catalog) is allowed to view an object?
> >
> zope.security.checker.canAccess and .canWrite
Thank you, Dominik. Unfortunately I'm not able to connect all the puzzle
pieces.
I would like to test, if the current principal is allowed to access
the defaultview of an object ('obj'). This is what I try:
for obj in catalog.searchResults(content=searchquery):
view=zapi.queryMultiAdapter((obj,self.request),name='view.html')
try:
canAccess(view,'__call__')
search_results.append(obj)
except:
"""object inaccessible"""
But canAccess never fails here - even if the object is inaccessible.
I've got 2 questions:
* How do I securityproxy an object like 'view' or is there another way to
test, if the current principal is allowed to access the object?
* How doI determine the name of the browser:defaultView configured via ZCML?
Regards,
Frank
More information about the Zope3-users
mailing list