[Zope-dev] ZCatalog: hiding search results from unauthorized users - hack

Igor Stroh stroh@scan-plus.de
Fri, 16 Nov 2001 14:04:53 +0100


Hi all,

in case someone have same problem as me (see "ZCatalog - hiding query
results" thread for more info) - I got a solution:

- create a product that subclasses ZCatalog
- in this product overwrite ZCatalog.getobject with

  def getobject(self, rid):
      """foo"""
      obj = self.aq_parent.unrestrictedTraverse(self.getpath(rid),\
                                                restricted=1)
      return obj

- create a python script in your catalog (e.g. "filterCat") with a
  parameter that reoresents the catalog itself ("brains" here):

  retval = []
  for brain in brains:
    try:
      obj = container.getobject(brain.getRID())
      retval.append(brain)
    except:
      pass
  return retval

- adjust your catalog query reports, so that they call
  "filterCat(_['<catalogname>'])" instead of <catalogname>

Now your users see only those hits in a query which apply to objects they
are allowed to "View".

greetings,
Igor