On Wednesday 12 October 2005 06:07, Michael Kerrin wrote:
> Hi All,
>    I am having a problem with permissions and security in zope.app.ftp
>    The writable method in FTPView basically uses adapter lookup on
> IWriteFile and tests this adapter if it has a 'write' attribute in
> order to test if a user can write to the specified file.
>    The problem is this seems to be always true (assuming the user has
> permission to list the names in the directory otherwise an Unauthorized
> exception is thrown, (this is my next problem to fix). The adapter
> configuration for IWriteFile in zope.app.file has the permission of
> zope.ManageContent on it. But has far has I can see this permission is
> only tested if, in this case the write method, is called.

Okay, so I think the better test would be:

from zope.security.XXX import canAcess
canAccess(IWriteFile(obj), write)

I hope the canAccess() function will work.

Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to