[Zope-dev] Object ownership

Ross Boylan RossBoylan@stanfordalumni.org
Mon, 13 Dec 1999 00:43:06 -0800


At 07:33 AM 12/13/99 GMT, Thilo Mezger wrote:
>Ross Boylan <RossBoylan@stanfordalumni.org> wrote:
>> I've been making some assumptions about how ownership works, and I'd
>> appreciate it if anyone could tell me if they are right.
>
>> 1) The owner of an object is the authenticated user when the script that
>> creates it runs.
>
>can you tell me how i can find out the owner of an object?  i've been
>searching the source code for getOwner() methods or something like
>that but couldn't find anything...
>
>thilo
>
Unfortunately, I can't.  It's something else I'd like to know.  My guess is
that it's part of the object database (bobobase) code.  On the other hand,
since permissioning is run by the object publisher, it can't be entirely
there.

I have turned up the following clues while poking around:

1. Here's how lib/python/ZPublisher/test.py pretends it's a user:
       if u:
           import base64
           env['HTTP_AUTHORIZATION']="Basic %s" % base64.encodestring(u)

   u is a string "username:password"
   env can be an empty dictionary
2. Here's code from Client.py:
       if (self.username and self.password and
           not headers.has_key('Authorization')):
           headers['Authorization']=(
               "Basic %s" %
               replace(encodestring('%s:%s' %
                                    (self.username,self.password)),
                       '\012',''))

3. BaseRequest.traverse does the authorization checks, and the following
variables figure in it:
   __allow_groups__
   validate
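
An added example, not part of the original message or of Zope's code: the two header constructions from clues 1 and 2 side by side in Python 3, showing what the '\012' replacement in Client.py changes and that the Basic token decodes straight back to "username:password". The function names, the strict parser and the credentials are constructed for illustration.

```python
import base64

def header_like_test_py(userpass):
    # Clue 1: encoder output used as-is. base64.encodebytes is the Python 3
    # name for the base64.encodestring call quoted in the message.
    return "Basic %s" % base64.encodebytes(userpass.encode("latin-1")).decode("ascii")

def header_like_client_py(username, password):
    # Clue 2: same encoding, but every '\012' (newline) is removed.
    raw = ("%s:%s" % (username, password)).encode("latin-1")
    return "Basic %s" % base64.encodebytes(raw).decode("ascii").replace("\012", "")

def parse_basic(header):
    """Return (username, password), or None if the header is malformed.

    Strictness here is this example's choice, not a description of what
    BaseRequest.traverse does.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects anything outside the base64 alphabet,
        # including the line breaks the MIME-style encoder inserts.
        decoded = base64.b64decode(token, validate=True).decode("latin-1")
    except ValueError:
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None

if __name__ == "__main__":
    long_pw = "x" * 60  # constructed: pushes the encoder past one 76-char line
    for label, hdr in [
        ("test.py style", header_like_test_py("ross:secret")),
        ("Client.py style", header_like_client_py("ross", "secret")),
        ("Client.py, long password", header_like_client_py("ross", long_pw)),
        ("unstripped, long password", header_like_test_py("ross:" + long_pw)),
    ]:
        print("%-26s %r -> %r" % (label, hdr, parse_basic(hdr)))
```

The MIME-style encoder always appends a newline and breaks its output every 76 characters, so an unstripped value carries line breaks that would split a header sent over the wire. The token is an encoding, not encryption, so anyone who can read the header can read the password.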