[Zope] strange behaviour of user.has_permission

Stuart Bishop zen@shangri-la.dropbear.id.au
Wed, 7 May 2003 14:12:49 +1000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Saturday, May 3, 2003, at 06:33  AM, robert wrote:

> Hi there,
> I have a freshly created plone portal.
> I added a user "schmid" with no roles at all
> I added a document "Doc"
>
> Then I created a script that tested for all permissions wheter user 
> schmid has
> it.
> The following script returned  true on every permission.
> This  is very wrong.
> What is the problem ??

user.has_permission is actually checking if the currently authenticated
user (you) has the specified permission - not schmid.

There is a Collector issue open about this behaviour
(http://collector.zope.org/Zope/514/view), but nobody has gotten around
to fixing it yet. Unless you feel like patching
lib/python/AccessControl/User.py, you are going to have to find another
way to do what you need.

- -- 
Stuart Bishop <zen@shangri-la.dropbear.id.au>
http://shangri-la.dropbear.id.au/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+uIfGh8iUz1x5geARApPIAJ0V139DLRKihF8o7nloVphetr6V/ACglLXJ
h1cHF7i6cV2DcjpCrIYfUZc=
=uYPc
-----END PGP SIGNATURE-----