[Zope] has_permission for arbitrary user

Mark N. Gibson mark@kaivo.com
Fri, 7 Sep 2001 17:36:44 -0600 (MDT)


> 
> > 
> > Mark N. Gibson writes:
> >  > <dtml-if expr="acl_users.getUser('someuser').has_permission('Change DTML
> >  > Document',this())">
> >  >                Yes
> >  >             <dtml-else>
> >  >                No
> >  >             </dtml-if>
> >  > 
> >  > Unfortunately, has_permissions seems to be implented to call
> >  > has_permission on the currently logged in user; i.e. AUTHENTICATED_USER.
> > I doubt this very much!
> > 
> > But "getUser" is probably protected.
> > You may consider using a proxie role...
> > 
> 
> Here's the code for has_permission from the BasicUser Class
> 
>     def has_permission(self, permission, object):
>         """Check to see if a user has a given permission on an object."""
>         return getSecurityManager().checkPermission(permission, object)
> 
> Draw your own conclusions.
> 

> I wrote my own to deal with the problem:
Oops.  There's a typo in the code below, should be
> 
> def hasPermissions( user, obj, permissions ):
>     """ check to see if user has permissions for object """
> 
> #   if type(permissions) == type(''):
> #       roles = [roles]
     if type(permissions) == type(''):
         permissions = [permissions]
> 
>     #get  roles for user, include local roles on obj
>     userRoles=user.getRoles() + obj.get_local_roles_for_userid(user.getUserName())
>     for perm in permissions:
>        objRoles=obj.rolesOfPermission(perm)
>        for oRole in objRoles:
>           if oRole['name'] in userRoles:
>              if oRole['selected']:
>                 return 1
>     return 0
> 
> 
> > Dieter
> > 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>