[Erp5-dev] checking view permission on an unaccessible object

Bartek Gorny bartek at erp5.pl
Wed Nov 15 10:38:37 CET 2006


On 14/11/06, Romain Courteaud <romain at nexedi.com> wrote:
> * Bartek Gorny [2006-11-14 18:26:06 +0100]:
>
> > Hi
> >
> > I have a funny problem: I have an object's path and I have to check if
> > I have a View permission on the object, but obviously sometimes I
> > don't have it, nor Access Content Information permission. The problem
> > is that to check permissions (by getSecurityManager().checkPermission
> > or other similar ways) I have to get the object, and I am not
> > authorized to do it. Then the "Unauthorized" exception is thrown.
> >
> > I could try to catch the exception, but I'm doing it from a ZMI Python
> > script - to catch the exception I have to import its class, but in ZMI
> > importing Unauthorized is - well, unauthorized...
> >
> > And I'm stuck. The only way I can think of to solve this problem is to
> > search for the object in portal_catalog (by relative_url) and see if
> > it returns something - does it make sense, or is it a waste of
> > resources?
>
> You can use something like:
>
> # Try to access the object
> # If None is returned, you don't have access permission
> obj = portal.restrictedTraverse(obj_path, None)

Great - the missing part was the second argument. Thanks a lot.

Bartek

> if obj is not None:
>   # You can access it, so test the permission you wish
>   portal.portal_membership.checkPermission('Permission name', obj)
>
> Romain


-- 
"Software is largely a service industry operating under the persistent
but unfounded delusion that it is a manufacturing industry."
Eric S.Raymond, "The Magic Cauldron"


