[Zope3-Users] Permissions of a given object

Frank Burkhardt fbo2 at gmx.net
Thu Jan 12 07:01:17 EST 2006


Hi,

On Thu, Dec 15, 2005 at 10:27:00AM +0100, Dominik Huber wrote:
> Frank Burkhardt wrote:
> 
> >Hi,
> >
> >when I search using a catalog, I get a list of persistent objects
> >but maybe there are objects among them, the calling user
> >doesn't have permissions for.
> >
> >How do I check, if the current user (the one calling the view
> >which queries the catalog) is allowed to view an object?
> > 
> zope.security.checker.canAccess and .canWrite

Thank you, Dominik. Unfortunately I'm not able to connect all the puzzle
pieces.

I would like to test, if the current principal is allowed to access
the defaultview of an object ('obj'). This is what I try:
 
 for obj in catalog.searchResults(content=searchquery):
    view=zapi.queryMultiAdapter((obj,self.request),name='view.html')
    try:
       canAccess(view,'__call__')
       search_results.append(obj)
    except:
       """object inaccessible"""

But canAccess never fails here - even if the object is inaccessible.
I've got 2 questions:

   * How do I securityproxy an object like 'view' or is there another way to
     test, if the current principal is allowed to access the object?
   * How doI determine the name of the browser:defaultView configured via ZCML?

Regards,

Frank


More information about the Zope3-users mailing list