[Zope-CMF] Re: _checkPermission problems

seb bacon seb@jamkit.com
Thu, 28 Jun 2001 17:34:52 +0100


* Shane Hathaway <shane@digicool.com> [010628 15:10]:
> On Thursday 28 June 2001 09:26, seb bacon wrote:
> > SecurityManagement.getSecurityManager() tries to get a SecurityManager
> > for the current thread, fails, and returns a default SecurityManager
> > with a context which sets the user to be Anonymous.
> 
> It sounds like you might be using checkPermission() before 
> authentication has occurred.  What are you working on?

Right, the penny is beginning to drop.  I'm in over my head (again...)
here, unfortunately.  I'm trying to hook the default view of my
content type, to return different actions dependent on various
circumstances.  

I based the code on the PortalContent code from a while ago, and it
worked fine.  This code munged the default view of the object by
making _index_html  a ComputedAttribute.  This is where I'm checking
permissions, which means it's taking place before authentication,
right?

So, I looked at PortalContent again, and you've changed it so it can
verify object permissions as we discussed some time ago, this time by
overriding __call__ and doing the following trick:

 index_html = None  # This special value informs ZPublisher to use __call__

Now, my problem (and this is where I start drowning), is that I'm
already overriding __call__ to hook BeforeTraverse.  I'm not even sure
how to use BeforeTraverse, I just copied some code from SiteAccess.
But AFAICT, once you've registered an object with BeforeTraverse, it
hooks to the __call__ of the object?

I can't mix my BeforeTraverse and my index_html/__call__ code, because
they do different things.

Any ideas how I can extricate myself from this mess?

Cheers :-)

seb