[Zope3-Users] Permissions of a given object
Frank Burkhardt
fbo2 at gmx.net
Tue Jan 17 12:40:43 EST 2006
Hi,
On Tue, Jan 17, 2006 at 10:53:12AM -0500, Gary Poster wrote:
[snip]
> The meaning of "objects a user can access" varies significantly from
> application to application. You will probably want to optimize this
> filter by creating an index eventually. For some policies and questions,
> this might be hard to do well. We'll be releasing an index that does this
> sort of thing for one kind of use case soon, but it doesn't precisely
> match what you are doing here.
> You'll probably want to think about this problem for your app and see how
> you can index the data.
Even if would write an index for this - I would still need some method to
check, if a given principal is allowed to access a given object.
Finally, I found a solution:
from zope.security.checker import ProxyFactory
list=catalog.searchResults(content='findme');
permitted_list=[]
for obj in list:
defaultview=zapi.getDefaultViewName(obj,self.request)
try:
view=zapi.queryMultiAdapter((ProxyFactory(obj),self.request),name=viewname)
permitted_list.append(view)
except Unauthorized:
"""Don't list this one"""
Regards,
Frank
More information about the Zope3-users
mailing list