[Zope] RE: What method do I use to check access? (and how do I do 'getitem' in an external method?)
Howard Clinton Shaw III
shawh@sths.org
Fri, 11 Jun 1999 12:11:09 -0500
On Thu, 10 Jun 1999, Jay, Dylan wrote:
> > -----Original Message-----
> > From: Howard Clinton Shaw III [mailto:shawh@sths.org]
> > Sent: Wednesday, June 09, 1999 05:32
> > To: Jay, Dylan
> > Cc: 'zope@zope.org'
> > Subject: RE: [Zope] RE: What method do I use to check access? (and how
> > do I do 'getitem' in an external method?)
> >
> >
> > On Mon, 07 Jun 1999, Jay, Dylan wrote:
> > <snip>
> > >
> > > Ok, I'm still working on the problem. I've come upon a snag however. If I
> > > pass in SomeObject above I will get a "You are not authorized to access
> > > SomeObject" error. So instead I need to pass in the object id and get the
> > > object myself. However I have had no luck working out how to do this. What I
> > > need is the getitem method in an external method. Searching through all the
> > > code has left me none the wiser.
> > >
> > > Here's the closest I have.
> > >
> > > from AccessControl.Permission import Permission
> > >
> > > def hasPermission(self, pname, objName, AUTHENTICATED_USER):
> > >     SomeObject = self.__getitem__(objName)
> >
> > try this.
> > SomeObject = eval('self.'+pname)
> >
> > However, indications from the above are that it might give an error; if so,
> > can be much easier....
> > try:
> >     SomeObject = eval('self.'+pname)
> > except:
> >     # He ain't allowed to do that
> >     pass
> > else:
> >     # He is allowed to do that
> >     pass
> >
> > And not have to fight with any permissions stuff.
>
> Don't think that will ever work because there is NO validation of security
> inside an external method. This might work if it was done in dtml and there
> was a way of catching exceptions. However I believe this would be an
> expensive way of doing it if evaluating the object was expensive.
That's a good point. A while back someone posted a try:except tag for DTML.
Might need to check into that.
--
Howard Clinton Shaw III - Grum
St. Thomas High School
#include "disclaimer.h"
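
An added example, not part of the original messages and not Zope code: plain-Python stand-ins for the two points raised in the thread, namely fetching a child object by id without `eval`, and why a try/except around the lookup cannot act as an access check in code that performs no security validation. `Folder`, `Doc`, `allowed_roles`, `lookup`, `try_except_check` and `has_access` are hypothetical names, and the sample objects are constructed.

```python
import re

class Unauthorized(Exception):
    """Stand-in for the error a security-checked lookup would raise."""

class Doc:
    """Constructed stand-in for a protected object."""
    def __init__(self, allowed_roles):
        self.allowed_roles = set(allowed_roles)

class Folder:
    """Constructed stand-in for a container holding objects by id."""
    def __init__(self, **items):
        self.__dict__.update(items)

# Accept only plain ids: no dots, calls, or leading underscores.
_PLAIN_ID = re.compile(r'^[A-Za-z][A-Za-z0-9_]*$')

def lookup(container, obj_id):
    """Fetch a child by id with getattr instead of eval('self.' + name)."""
    if not _PLAIN_ID.match(obj_id):
        raise ValueError("not a plain object id: %r" % (obj_id,))
    try:
        return getattr(container, obj_id)
    except AttributeError:
        raise KeyError(obj_id) from None

def try_except_check(container, obj_id):
    """The try/except idea: the lookup itself validates nothing here,
    so Unauthorized is never raised and the answer is always True."""
    try:
        lookup(container, obj_id)
    except Unauthorized:
        return False
    return True

def has_access(container, obj_id, user_roles):
    """Explicit check: compare the caller's roles with the object's."""
    obj = lookup(container, obj_id)
    return bool(obj.allowed_roles & set(user_roles))

# Constructed sample data.
SAMPLE = Folder(secret=Doc(["Manager"]), public=Doc(["Anonymous", "Manager"]))

if __name__ == "__main__":
    print(try_except_check(SAMPLE, "secret"))         # lookup alone says yes
    print(has_access(SAMPLE, "secret", ["Anonymous"]))  # explicit check says no
```
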