Hi,

On Sun, Jan 15, 2006 at 11:20:47AM -0500, Stephan Richter wrote:
> On Thursday 12 January 2006 08:13, Frank Burkhardt wrote:
> > but the problem remains: canAccess returns True for all inaccessible
> > objects.
> 
> It is hard to guess where your setup is wrong. Does it not work for unit 
> tests, ftests and/or the full application?

The full application.

In a browser:view I want to query my Catalog to return a list of objects:

 list = catalog.searchResults(content='findme')

list contains a list of objects containing the word 'findme'. Now I
want to filter the list to contain only obj, the current principal
has access to.

 permitted_list=[]
 for obj in list:
    if canAccess(obj,'__call__'):
       permitted_list.append(obj)

But there's no security proxy wrapping 'obj' s from 'list'.

How do I securityproxify 'obj' before being checked by canAccess so that the
result of canAccess reflects if the current principal is allowed to access
'obj' ?

Maybe I'm completly wrong and there's another way to filter searchresults
for objects, the user has access to?

Regards,

Frank


_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to