[Erp5-dev] checking view permission on an unaccessible object
Romain Courteaud
romain at nexedi.com
Tue Nov 14 18:55:14 CET 2006
* Bartek Gorny [2006-11-14 18:26:06 +0100]:
> Hi
>
> I have a funny problem: I have an object's path and I have to check if
> I have a View permission on the object, but obviously sometimes I
> don't have it, nor Access Content Information permission. The problem
> is that to check permissions (by getSecurityManager().checkPermission
> or other similar ways) I have to get the object, and I am not
> authorized to do it. Then the "Unauthorized" exception is thrown.
>
> I could try to catch the exception, but I'm doing it from a ZMI Python
> script - to catch the exception I have to import its class, but in ZMI
> importing Unauthorized is - well, unauthorized...
>
> And I'm stuck. The only way I can think of to solve this problem is to
> search for the object in portal_catalog (by relative_url) and see if
> it returns something - does it make sense, or is it a waste of
> resources?
You can use something like:
# Try to access the object
# If None is returned, you don't have access permission
obj = portal.restrictedTraverse(obj_path, None)
if obj is not None:
# You can access it, so test the permission you which
portal.portal_membership.checkPermission('Permission name', obj):
Romain
More information about the Erp5-dev
mailing list