Hi, On Sun, Jan 15, 2006 at 11:20:47AM -0500, Stephan Richter wrote: > On Thursday 12 January 2006 08:13, Frank Burkhardt wrote: > > but the problem remains: canAccess returns True for all inaccessible > > objects. > > It is hard to guess where your setup is wrong. Does it not work for unit > tests, ftests and/or the full application?
The full application. In a browser:view I want to query my Catalog to return a list of objects: list = catalog.searchResults(content='findme') list contains a list of objects containing the word 'findme'. Now I want to filter the list to contain only obj, the current principal has access to. permitted_list= for obj in list: if canAccess(obj,'__call__'): permitted_list.append(obj) But there's no security proxy wrapping 'obj' s from 'list'. How do I securityproxify 'obj' before being checked by canAccess so that the result of canAccess reflects if the current principal is allowed to access 'obj' ? Maybe I'm completly wrong and there's another way to filter searchresults for objects, the user has access to? Regards, Frank _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users