On Jan 17, 2006, at 10:38 AM, Frank Burkhardt wrote:


On Sun, Jan 15, 2006 at 11:20:47AM -0500, Stephan Richter wrote:
On Thursday 12 January 2006 08:13, Frank Burkhardt wrote:
but the problem remains: canAccess returns True for all inaccessible

It is hard to guess where your setup is wrong. Does it not work for unit
tests, ftests and/or the full application?

The full application.

In a browser:view I want to query my Catalog to return a list of objects:

 list = catalog.searchResults(content='findme')

list contains a list of objects containing the word 'findme'. Now I
want to filter the list to contain only obj, the current principal
has access to.

 for obj in list:
    if canAccess(obj,'__call__'):

But there's no security proxy wrapping 'obj' s from 'list'.

How do I securityproxify 'obj' before being checked by canAccess so that the result of canAccess reflects if the current principal is allowed to access
'obj' ?

1) adding a security proxy is done with zope.security.checker.ProxyFactory 2) canWrite and canAccess already do this for you: the code you list should work without modification of the sort that you describe.

Maybe I'm completly wrong and there's another way to filter searchresults
for objects, the user has access to?

The meaning of "objects a user can access" varies significantly from application to application. You will probably want to optimize this filter by creating an index eventually. For some policies and questions, this might be hard to do well. We'll be releasing an index that does this sort of thing for one kind of use case soon, but it doesn't precisely match what you are doing here. You'll probably want to think about this problem for your app and see how you can index the data.


Zope3-users mailing list

Reply via email to