> a quick way to check this and roles in general, is put together a python  
> script that shows the users roles and permissions in context, as a quick  
> example, here's one i use on occassion (check_roles).. and just invoke by  
> in the url after the context, by appending check_roles.
> member = context.portal_membership.getAuthenticatedMember()
> print "uid", member.getId()
> print "email", member.getProperty('fullname'), member.getProperty('email')
> print "groups", member.getGroups()
> print "roles context", member.getRolesInContext( context )
> print "perm reply", context.portal_membership.checkPermission('Reply to  
> item', context)
> print "perm add", context.portal_membership.checkPermission('Add portal  
> content', context)
> print "perm modify", context.portal_membership.checkPermission('Modify  
> portal content', context)
> print "discuss", context.portal_discussion.isDiscussionAllowedFor(context)
> return printed
> hth,
> kapil

Kapil, I'm close.   My goal is to make objects inaccessible if the user doesn't 
have the correct dynamic permission.   So for objects that the user can't see, 
they have no "view" permission.  For objects that they can see, the user gets a 
role called DYNAMIC with the "view" and "access contents information" 
permission.  Using your script, I see the following:

  roles context ['Member', 'Authenticated', 'DYNAMIC']
  access contents 1
  view 1

But if I add the following line to your script:

  print "title", context.Title()

Verbose Security reports the following:

  Access to 'Creator' denied ... Access requires one of the 
  following roles:  ['DYNAMIC', 'Manager', 'Owner', 'Reviewer'].  
  Your roles in this context are ['Authenticated', 'Member'].

What am I missing?  Is there some other object that is being accessed, or is 
there some other permission other than 'View' and 'Access Contents Information' 
that needs to be given?

Thanks very much for your help!

Zope-PAS mailing list

Reply via email to