[Zope] RE: What method do I use to check access?

Michel Pelletier michel@digicool.com
Thu, 13 May 1999 01:50:58 -0400


> -----Original Message-----
> From: Jay, Dylan [mailto:djay@lucent.com]
> Sent: Wednesday, May 12, 1999 11:28 PM
> To: 'Martijn Pieters'; 'Jason Spisak'; zope@zope.org
> Subject: RE: [Zope] RE: What method do I use to check access?
> 
> 
> 
> 
> > -----Original Message-----
> > From: Martijn Pieters [mailto:mj@antraciet.nl]
> > Sent: Tuesday, May 11, 1999 10:23 PM
> > To: Jay, Dylan; 'Jason Spisak'; zope@zope.org
> > Subject: Re: [Zope] RE: What method do I use to check access?
> > 
> > 
> > At 01:28 11/05/99 , Jay, Dylan wrote:
> > > > Jay,
> > > >
> > > > Try <!--#if "AUTHENTICATED_USER.has_role('foo')"-->.  There was an
> > > > excellent posting in the archives about all the possibilities with the
> > > > user object.  Also read the files in the AccessControl folder inside
> > > > Zope/lib/python.
> > >
> > >the has_role method I already use and is not convenient as it means I have
> > >to hard code the roles.
> > >I've looked in AccessControl and only come across
> > >def allowed(self,parent,roles=None):
> > >but was unsuccessful in getting it to do what I want.
> > >
> > >I will look for that email in the archives.
> > 
> > AUTHENTICATED_USER.allowed won't do what you want, I think. A now
> > deprecated method that is now replaced by has_role was nothing more than an
> > alias to the allowed() method, so you cannot get any (or much) more
> > information from allowed() than you can get from has_role().
> > 
> > Explain to us what you want to do.
> 
> I want a method such that 
> <!--#if "AUTHENTICATED_USER.hasPermission('View',myDoc)"-->
> or something similar.
> 

I've never seen or used anything like this, so perhaps you may want to
try to refactor your problem, otherwise:

Users don't have permissions, Users have roles.  Using the security
screen in the management interface, you map which roles have which
permissions, and when you create Users, you give them roles.  If your
user is in a Role which has the 'View' permission associated with it,
then you don't need to do the #if check.  I think maybe what you're
looking for is "Do any of my User's *Roles* map to the permission x?".
(Not using 'View' as an example because anonymous maps to 'View' by
default)

This would require a bit of tinkering, but it could be done with
AUTHENTICATED_USER.getRoles() and rolesOfPermission(x).  You may also
want to take a look at AccessControl/Roles.py, there are several methods
defined in there to examine roles and permissions, like
permissionsOfRole (the inverse of rolesOfPermission) and
acquiredRolesAreUsedBy.

-Michel
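
The role-to-permission check described in the message above, as an added sketch that is not part of the original post and not Zope's own code. `FakeUser` and `FakeDocument` are hypothetical stand-ins exposing only the `getRoles()` and `rolesOfPermission()` methods named above; the list-of-dicts return shape with a `selected` flag is an assumption, and acquisition and local roles are not modelled.

```python
# Stand-ins for Zope objects (hypothetical; the real ones live in AccessControl).
class FakeUser:
    def __init__(self, name, roles):
        self._name, self._roles = name, tuple(roles)

    def getRoles(self):
        return self._roles


class FakeDocument:
    """Holds a constructed permission -> roles mapping, as set on the security screen."""

    valid_roles = ("Anonymous", "Manager", "Editor", "Reviewer")

    def __init__(self, mapping):
        self._mapping = mapping

    def rolesOfPermission(self, permission):
        # Assumed return shape: one dict per role, 'selected' marks mapped roles.
        if permission not in self._mapping:
            raise ValueError("invalid permission: %r" % permission)
        granted = self._mapping[permission]
        return [{"name": r, "selected": "SELECTED" if r in granted else ""}
                for r in self.valid_roles]


def user_has_permission(user, obj, permission):
    """True if any of the user's roles is mapped to `permission` on `obj`."""
    try:
        rows = obj.rolesOfPermission(permission)
    except ValueError:
        return False  # unknown permission: deny rather than guess
    granted = {row["name"] for row in rows if row["selected"]}
    if "Anonymous" in granted:
        return True  # a permission mapped to Anonymous is open to every user
    return bool(granted.intersection(user.getRoles()))


# Constructed sample data: 'View' is open to Anonymous, editing is not.
my_doc = FakeDocument({
    "View": {"Anonymous", "Manager"},
    "Change DTML Documents": {"Manager", "Editor"},
})
editor = FakeUser("dylan", ["Editor"])
guest = FakeUser("Anonymous User", ["Anonymous"])
```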
