[Zope3-Users] Permissions of a given object
Frank Burkhardt
fbo2 at gmx.net
Tue Jan 17 10:38:06 EST 2006
Hi,
On Sun, Jan 15, 2006 at 11:20:47AM -0500, Stephan Richter wrote:
> On Thursday 12 January 2006 08:13, Frank Burkhardt wrote:
> > but the problem remains: canAccess returns True for all inaccessible
> > objects.
>
> It is hard to guess where your setup is wrong. Does it not work for unit
> tests, ftests and/or the full application?
The full application.
In a browser:view I want to query my Catalog to return a list of objects:
list = catalog.searchResults(content='findme')
list contains a list of objects containing the word 'findme'. Now I
want to filter the list to contain only obj, the current principal
has access to.
permitted_list=[]
for obj in list:
if canAccess(obj,'__call__'):
permitted_list.append(obj)
But there's no security proxy wrapping 'obj' s from 'list'.
How do I securityproxify 'obj' before being checked by canAccess so that the
result of canAccess reflects if the current principal is allowed to access
'obj' ?
Maybe I'm completly wrong and there's another way to filter searchresults
for objects, the user has access to?
Regards,
Frank
More information about the Zope3-users
mailing list