On 12 May 2011 at 12:12, Yuri wrote:
> Preface: I'm trying to access an object via a browser view, the object
> normally is not accessible by the user.
>
> What I did:
>
> abstracts = self.portal_catalog.unrestrictedSearchResults(sessions=self.this_session)
> results = []
> for abs in abstracts:
>     obj = self.context.unrestrictedTraverse(abs.getPath())
>     abs_data = {'title': abs.Title, 'abstract': obj.getAbstract(),
>                 'autori': obj.autori_view(), 'url': obj.absolute_url(),
>                 'posteroral': obj.getAbstract_type()}
>
> this works.
>
> What about the workflow status?
>
> status_info = wftool.getStatusOf("rivista_elettronica_publication_workflow", obj)
> status_id = status_info['review_state']  # <- error
> status_title = wftool.getTitleForStateOnType(status_info['review_state'], 'EEPArticleNG')
> abs_data['status'] = {'id': status_id, 'title': status_title}
> results.append(abs_data)
>
> this does not work because the object seems not to be wrapped correctly (I
> think, I don't understand what this means exactly).
>
> What I did (luckily, it is a custom content type) was to create a getme() call
> in my content type, which returns self.
>
> so:
>
> # obj.getme() <- return myself really!
> status_info = wftool.getStatusOf("rivista_elettronica_publication_workflow", obj.getme())
> status_id = status_info['review_state']
>
> and this works!
>
> So, the question is, why obj =
> self.context.unrestrictedTraverse(abs.getPath()) (abs is the brain) doesn't
> return the object in a "good" way, so the workflow tool can handle it? What
> is the right way to pass the object to getStatusOf?
>
> P.S: abs.getObject() does not work because the user does not have access
> to that object (even if I'm on a browser view):

You could shortcut the security using another security manager and use
abs.getObject()

    from AccessControl.SpecialUsers import system
    from AccessControl.SecurityManagement import (
        getSecurityManager, setSecurityManager, newSecurityManager)
    ...
    # Working as Manager whatever the actual user's privileges
    old_sm = getSecurityManager()
    newSecurityManager(request, system)
    try:
        # Do some stuff with Manager privileges
        ...
    finally:
        # We restore the canonical security policy for the actual user
        setSecurityManager(old_sm)
    ...

Be careful but this works for me in similar situations...

HTH
--
Gilles Lenfant
>
> Module Products.ZCatalog.CatalogBrains, line 86, in getObject
> Module OFS.Traversable, line 301, in restrictedTraverse
> Module OFS.Traversable, line 232, in unrestrictedTraverse
> - __traceback_info__: ([], 'lxyzw')
> Unauthorized: You are not allowed to access 'lxyzw' in this context
>
> _______________________________________________
> Product-Developers mailing list
> [email protected]
> https://lists.plone.org/mailman/listinfo/plone-product-developers
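
The try/finally pattern from the reply above, wrapped as a context manager so the elevated window covers a single lookup and the caller's security manager comes back even when that lookup raises. This is an added example, not code from the thread or from Zope: the three security-manager functions and SYSTEM are constructed stand-ins that mirror the AccessControl names so the block runs without Zope, and elevated, review_states and demo are hypothetical names.

```python
from contextlib import contextmanager

# Constructed stand-ins for AccessControl.SecurityManagement so this runs
# without Zope; on a real site import the three functions from there.
_current = {"sm": "sm-for-anonymous"}

def getSecurityManager():
    return _current["sm"]

def setSecurityManager(sm):
    _current["sm"] = sm

def newSecurityManager(request, user):
    _current["sm"] = "sm-for-%s" % user

SYSTEM = "system"  # stands in for AccessControl.SpecialUsers.system

@contextmanager
def elevated(request=None, user=SYSTEM):
    """Run the with-body as `user`, then always restore the caller's manager."""
    old_sm = getSecurityManager()
    newSecurityManager(request, user)
    try:
        yield
    finally:
        setSecurityManager(old_sm)

def review_states(brains, get_state):
    """Return {path: state}; only plain values leave the elevated block."""
    states = {}
    for brain in brains:
        try:
            with elevated():
                states[brain["path"]] = get_state(brain)
        except LookupError:
            # Lookup failed; the finally clause has already dropped privileges.
            states[brain["path"]] = None
    return states

def demo():
    seen = []  # security manager that was active during each lookup
    def get_state(brain):  # constructed lookup that fails for one item
        seen.append(getSecurityManager())
        if brain["state"] is None:
            raise LookupError(brain["path"])
        return brain["state"]
    brains = [{"path": "/a", "state": "published"}, {"path": "/b", "state": None}]
    return review_states(brains, get_state), seen, getSecurityManager()
```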