[Erp5-dev] related value list and permissions to objects
Bartłomiej Górny
bartek at redpoint.mn.pl
Fri Feb 17 15:07:39 CET 2006
Bartłomiej Górny wrote:
>
> Hi
>
> Question: how to get a list of related objects, but only those to which
> the current user has view permissions?
>
> If I use portal_catalog, then it returns only objects to which I have
> 'view' permission, which is logical. But from what I see a function like
> 'getXXXRelatedValueList' returns a complete list, and then kicks me out
> because I'm not allowed to view some of the objects returned. What's the
> solution, if any?
What I came up with so far is:

    # Keep only the related objects the current user is allowed to view
    from AccessControl import getSecurityManager
    sm = getSecurityManager()
    return [ob for ob in context.getXXXRelatedValueList()
            if sm.checkPermission('View', ob)]

Plus, I have to have an 'Access content information' permission to an
object to be able to list it or check anything on it. Which, all in all,
makes some sense. Is this the right way to do it?
And, still, is there a shorthand way to get only 'allowed' objects
without doing such 'manual' checks?
Bartek
>
> Bartek
>
--
"Software is largely a service industry operating under the persistent
but unfounded delusion that it is a manufacturing industry."
Eric S.Raymond, "The Magic Cauldron"