[Zope] context.user at ImplPython.py

Martijn Pieters mj at zopatista.com
Fri Mar 23 11:56:29 EDT 2007


Please keep the mailing list in the loop, others may have insights too.

On 23. mar. 2007, at 15.37, Garito wrote:
>> > If you read the link I put, you could read I can create (with
>> > CrearFuncionalidad) but not delete it (with BorrarFuncionalidad)  
>> that seems
>> > to have the same security necessities
>>
>> Return a callable from your traverser (so return the __call__, don't
>> call it yourself). The publisher will call it for you after the user
>> has been authenticated.
>
> As Dieter said __bobo_traverse__ can't return strings or ints for  
> that I create (as he tall me, thanks again) a wrapper that returns  
> the rendered code

Fine, that's what I ment. But your wrapper should implement a  
__call__ method. The publisher will call that method at a time where  
security *has* been set up.

Do make sure that you wrap your wrapper in the correct security  
context though:

class Wrapper(Acquisition.Implicit):
     def __call__(self):
         # Things that need a security context need to be done here.
         return getSecurityManager().getAuthenticatedUser().getId()

class SomeItem(SimpleItem):
     def __bobo_traverse__(self, REQUEST, name):
         if name == 'Wrapper':
             return Wrapper().__of__(self)
         else:
             return getattr(self, name)

This way the security policies can still look up the security context.

--
Martijn Pieters


More information about the Zope mailing list