[Zope] Q: filtering search results by checkPermission?

Dieter Maurer dieter@handshake.de
Fri, 14 Jun 2002 21:03:24 +0200

Noel Burton-Krahn writes:
 > I'm trying to filter a search results list to remove documents which the
 > current user doesn't have permission to view.  I wrote a python script which
 > tries to do just that.  I call
 >     checkPermission('View', x.absolute_url)
You need to check the object itself, not its URL.

If "x" is an element of a catalog search, it is in fact not the
object itself, but a proxy. You use its "getObject()" method
to get at the object.

Some objects are itself protected by the "View" permission.
Then, even accessing them with "getObject" will raise an
"Unauthorized" exception.

Therefore, you use:

	   allowed= 0
	   try: allowed= checkPermission('View',x.getObject())
	   except: pass

Of course, this assumes, you have beforehand assigned
"getSecurityManager().checkPermission" to "checkPermission".