-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fabio Corneti wrote: > Hi all, > some days ago I needed a way to have portal_catalog.searchResults support > proxy roles; > after a bit of searching I found this patch for CMFCatalog (which has been > integrated > into trunk): > > http://www.zope.org/Collectors/CMF/380 > > In this patch, the current user roles are replaced by the proxy roles (if > these are defined): > > def _listAllowedRolesAndUsers(self, user): > effective_roles = user.getRoles() > sm = getSecurityManager() > if sm.calledByExecutable(): > eo = sm._context.stack[-1] > proxy_roles = getattr(eo, '_proxy_roles', None) > if proxy_roles is not None: >>>> effective_roles = proxy_roles > result = list( effective_roles ) > result.append( 'Anonymous' ) > result.append( 'user:%s' % user.getId() ) > return result > > Should proxy roles completely overwrite user roles or they should be added > like in the > example below? > > effective_roles = list(effective_roles) + list(proxy_roles)
In the Zope2 security model, proxy roles are supposed to replace the user's roles, rather than extending them. If the script which has the proxy role of Manager breaks for you using the patch, then you need to grant any extra roles to the script as well (what roles are these, that have permissions not granted to Manager?) Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFZkoI+gerLs4ltQ4RAoMfAJoDTnaeHLkU0L9OHyFPHZpAUncoEgCfe3qR r1OiO2hfw1fgNKT3rIuBib8= =h/wC -----END PGP SIGNATURE----- _______________________________________________ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests