On Wednesday 12 October 2005 06:07, Michael Kerrin wrote: > Hi All, > > I am having a problem with permissions and security in zope.app.ftp > > The writable method in FTPView basically uses adapter lookup on > IWriteFile and tests this adapter if it has a 'write' attribute in > order to test if a user can write to the specified file. > > The problem is this seems to be always true (assuming the user has > permission to list the names in the directory otherwise an Unauthorized > exception is thrown, (this is my next problem to fix). The adapter > configuration for IWriteFile in zope.app.file has the permission of > zope.ManageContent on it. But has far has I can see this permission is > only tested if, in this case the write method, is called.
Okay, so I think the better test would be: from zope.security.XXX import canAcess canAccess(IWriteFile(obj), write) I hope the canAccess() function will work. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training _______________________________________________ Zope3-dev mailing list Zope3email@example.com Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com