[Zope-dev] Objects, Roles and Permissions

richard@bizarsoftware.com.au richard@bizarsoftware.com.au
Tue, 10 Apr 2001 09:54:45 +1000


Danny William Adair wrote:
> what's the fastest way to find out whether a specific role has a specific
> permission on a specific object? What's the fastest way to find out if it's
> acquired?
> 
> Even more interesting:
> How would I find out whether a specific role has a specific permission on a
> specific object, _taking_acquired_rights_into_account_??? In other words
> (management screen): "View" permission is not checked for the Anonymous
> role, but acquired. Therefore the "Anonymous" role maybe _does_ have the
> permission to "View" this object, through acquisition. Would I have to climb
> up the ladder manually and check every parent until acquisition has been
> "turned off", or is there some function - even if it's only available for an
> external method - that already does this work?
> 
> I looked through the ZMI pages (and the .py's under
> "lib/python/AccessControl") but couldn't find anything useful for this
> purpose. Iterating through permission_settings takes too long and I don't
> know how to access the specific roles/permissions directly (by name), mainly
> because mapping constructions like "p199r0" are not very handy...

I whined about this a little while ago under the subject "Determining
Acquired Permissions?" on the 26th of March.

The standard manage_access doesn't display the actual acquired permissions,
just that they are acquired. Anyway, here's a code snippet I use to figure
the roles allowed to "View". Feel free to expand the method to other roles
and the full suite of permissions. The roles are obtained using
self.valid_roles(). The permissions are obtained using
self.ac_inherited_permissions(1). Spaces become underscores in permission
names.

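    def viewPermissions(self, acquired=0):
        ''' walk up the acquisition path to find a _View_Permission
            attribute...  possibly _only_ the acquired permissions.
        '''
        # aq_chain lists this object first, then each acquisition parent.
        chain = self.aq_chain
        if acquired:
            # Skip this object so only inherited settings are considered.
            chain = chain[1:]
        for obj in chain:
            # Test the unwrapped object so the attribute is not itself
            # found through acquisition from a parent.
            if hasattr(obj.aq_base, '_View_Permission'):
                # The first setting found wins; nothing further up is merged.
                return obj._View_Permission
        # No setting anywhere in the chain.
        return ['Manager']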


As I stated in my last email on this subject, I'm really uncomfortable
using a 'private' attribute like _View_Permission in this way. I could see
no other way to get the information though...


     Richard

-- 
Richard Jones
richard@bizarsoftware.com.au
Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)
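
Added example, not part of the original message and not Zope code: a stand-alone model of the question asked above, "does role R hold permission P on this object once acquisition is taken into account", generalized from "View" to any permission name. `Node` and all function names are hypothetical, and the model assumes the storage convention that a tuple value means acquisition is turned off at that level while a list value means the listed roles are added to whatever the parents grant.

```python
# Stand-alone model of acquisition-aware role lookup. Node is a hypothetical
# stand-in for an acquisition-wrapped object; nothing here imports Zope.
class Node:
    """Object with a parent pointer and optional _<Name>_Permission attributes."""
    def __init__(self, name, parent=None, **attrs):
        self.name, self.parent = name, parent
        self.__dict__.update(attrs)

def permission_attr(permission):
    # Spaces become underscores: "View" -> "_View_Permission"
    return '_' + permission.replace(' ', '_') + '_Permission'

def roles_for_permission(obj, permission, default=('Manager',)):
    """Return (roles, sources) for `permission` on `obj`, following parents.

    Assumption: tuple = acquisition off here, list = roles added to the
    acquired ones. `sources` records which level granted each role.
    """
    attr = permission_attr(permission)
    roles, sources, found = [], [], False
    while obj is not None:
        value = vars(obj).get(attr)      # own attributes only, like aq_base
        if value is not None:
            found = True
            for role in value:
                if role not in roles:
                    roles.append(role)
                    sources.append((role, obj.name))
            if isinstance(value, tuple):  # acquisition turned off: stop climbing
                break
        obj = obj.parent
    if not found:
        return list(default), [(r, 'default') for r in default]
    return roles, sources

def role_has_permission(obj, role, permission):
    return role in roles_for_permission(obj, permission)[0]

# Constructed sample tree: root -> folder -> doc, and root -> private
root = Node('root', _View_Permission=('Manager', 'Anonymous'))
folder = Node('folder', root, _View_Permission=['Editor'])       # acquire + Editor
doc = Node('doc', folder)                                        # nothing set locally
private = Node('private', root, _View_Permission=('Manager',))   # acquisition off

if __name__ == '__main__':
    for node in (doc, private):
        print(node.name, roles_for_permission(node, 'View'))
```

The `sources` list is what the management screen does not show: the level in the hierarchy at which each role was actually granted.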