On Thu, Dec 15, 2005 at 10:27:00AM +0100, Dominik Huber wrote:
> Frank Burkhardt wrote:
> >when I search using a catalog, I get a list of persistent objects
> >but maybe there are objects among them, the calling user
> >doesn't have permissions for.
> >How do I check, if the current user (the one calling the view
> >which queries the catalog) is allowed to view an object?
> zope.security.checker.canAccess and .canWrite
Thank you, Dominik. Unfortunately I'm not able to connect all the puzzle
I would like to test, if the current principal is allowed to access
the defaultview of an object ('obj'). This is what I try:
for obj in catalog.searchResults(content=searchquery):
But canAccess never fails here - even if the object is inaccessible.
I've got 2 questions:
* How do I securityproxy an object like 'view' or is there another way to
test, if the current principal is allowed to access the object?
* How doI determine the name of the browser:defaultView configured via ZCML?
Zope3-users mailing list