[Zope] Re: [Zope-dev] Security validation issue

Lennart Regebro regebro at nuxeo.com
Wed Jan 28 10:15:53 EST 2004


[Replying to zope at zope.org, since zope-dev at zope.org is for development of
Zope, not development with Zope, whether I like it or not. :-)]

From: "Herman Geldenhuys" <hgeldenhuys at gims.com>
> if not AccessControl.getSecurityManager().validate(None, object,
attributes[-1]):
>                        raise UnauthorisedAccessException('Unauthorised: '
+ originalAddress)

>This code works for any other default Zope type, but not mine. Did I
perhaps forgot a permission or >something?

Hmm. You called a securitymanagers validate with the following parameters:

accessed=None # The object being accessed
container=bound method HWMenuItem.getVersion # The container of the object.
name="getVersion" # the username
value=None
roles=_noroles

This makes absolutely no sense to me whatsoever. What are you trying to
accomplish, and what is the expected effects?

I'm not 100% sure which is the best way to validate access, but normally you
use
    user.allowed(object)
Maybe that doesn't work on methods? I haven't tried.

//Lennart





More information about the Zope mailing list