Hi all,

I don't know if it's the right list to post to, but I have the following
I have several objects (documents, folders etc) that are accessible only
by a certain user role, this objects are cataloged. Now if I query the
catalog the brains of these objects are returned correctly, but to _all_
users that issue a query. That means, users that don't have the permission
to "View" or "Access Content Information" can see the brains as well...
I tried to filter the result set by converting the brains into real
objects (brain.getObject) in an external method (I thought, this way I
should be able to exclude unauthorized users by adding the
"skip_unauthorized" to the dtml-in), but that doesn't work
since there are "brains" that are actually NoBrainer instances...

Does anyone have an idea of how I could solve this problem?
Actually I thought this kind of "information hiding" is supported by basic
ZCatalog machinery, but now it looks like I'll have to hack a

Any help greatly appreciated.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to