[Zope] can't use filter to check permission?

Milos Prudek prudek at bvx.cz
Thu Oct 9 09:56:05 EDT 2003


The following Python script, when invoked in a folder, should list all 
ZPT methods that the current user can "View.

from AccessControl import getSecurityManager
checkPermission = getSecurityManager().checkPermission

def okPermissionView(item):
    allowed= 0
    try:
        allowed= checkPermission('View', item)
    except:
        pass
    return allowed

objects = context.objectValues('Page Template')
objects = filter(okPermissionView,objects)
for item in objects:
     print item.getId()
return printed

It works for Managers (who can view anything), but it fails with 
Unauthorized at the "objects = filter(..." line.

When I unfold the source so that filter is not used, it works without a 
hitch. See the "unfolded" source below:

from AccessControl import getSecurityManager
checkPermission = getSecurityManager().checkPermission
objects = context.objectValues('Page Template')
for item in objects:
    allowed= 0
    try:
        allowed= checkPermission('View', item)
    except:
        pass
    if allowed:
        print item.getId()
return printed


Does anybody know what's going on here???


-- 
Milos Prudek
_________________
Most websites are
confused chintzy gaudy conflicting tacky unpleasant... unusable.
Learn how usable YOUR website is! http://www.spoxdesign.com




More information about the Zope mailing list