On Jan 17, 2006, at 10:38 AM, Frank Burkhardt wrote:
Hi,
On Sun, Jan 15, 2006 at 11:20:47AM -0500, Stephan Richter wrote:
On Thursday 12 January 2006 08:13, Frank Burkhardt wrote:
but the problem remains: canAccess returns True for all inaccessible
objects.
It is hard to guess where your setup is wrong. Does it not work
for unit
tests, ftests and/or the full application?
The full application.
In a browser:view I want to query my Catalog to return a list of
objects:
list = catalog.searchResults(content='findme')
list contains a list of objects containing the word 'findme'. Now I
want to filter the list to contain only obj, the current principal
has access to.
permitted_list=[]
for obj in list:
if canAccess(obj,'__call__'):
permitted_list.append(obj)
But there's no security proxy wrapping 'obj' s from 'list'.
How do I securityproxify 'obj' before being checked by canAccess so
that the
result of canAccess reflects if the current principal is allowed to
access
'obj' ?
1) adding a security proxy is done with
zope.security.checker.ProxyFactory
2) canWrite and canAccess already do this for you: the code you list
should work without modification of the sort that you describe.
Maybe I'm completly wrong and there's another way to filter
searchresults
for objects, the user has access to?
The meaning of "objects a user can access" varies significantly from
application to application. You will probably want to optimize this
filter by creating an index eventually. For some policies and
questions, this might be hard to do well. We'll be releasing an
index that does this sort of thing for one kind of use case soon, but
it doesn't precisely match what you are doing here. You'll probably
want to think about this problem for your app and see how you can
index the data.
Gary
_______________________________________________
Zope3-users mailing list
[email protected]
http://mail.zope.org/mailman/listinfo/zope3-users
