[Zope3-dev] zope.app.ftp, security, adapters

Stephan Richter srichter at cosmos.phy.tufts.edu
Thu Oct 13 06:30:12 EDT 2005


On Wednesday 12 October 2005 06:07, Michael Kerrin wrote:
> Hi All,
>
>    I am having a problem with permissions and security in zope.app.ftp
>
>    The writable method in FTPView basically uses adapter lookup on
> IWriteFile and tests this adapter if it has a 'write' attribute in
> order to test if a user can write to the specified file.
>
>    The problem is this seems to be always true (assuming the user has
> permission to list the names in the directory, otherwise an Unauthorized
> exception is thrown (this is my next problem to fix)). The adapter
> configuration for IWriteFile in zope.app.file has the permission of
> zope.ManageContent on it. But as far as I can see this permission is
> only tested if, in this case, the write method is called.

Okay, so I think the better test would be:

from zope.security.XXX import canAccess
canAccess(IWriteFile(obj), 'write')

I hope the canAccess() function will work.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
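
The gap discussed in this thread, as an added example that is not part of the original message and is not zope.security or zope.app.ftp code: a presence test on the adapter answers "writable" for every user, while a permission query gives the answer that calling write() would enforce. All class and function names below are constructed stand-ins.

```python
# Simplified model of the behaviour discussed in this thread; all names here
# are constructed for illustration and are not zope.security's implementation.
MANAGE_CONTENT = "zope.ManageContent"


class Unauthorized(Exception):
    """Raised when the current user lacks the permission for a name."""


class Checker:
    """Maps attribute names to the permission required to use them."""

    def __init__(self, permissions):
        self.permissions = permissions

    def check(self, name, granted):
        required = self.permissions.get(name)
        if required is None:
            raise AttributeError(name)  # name not declared at all
        if required not in granted:
            raise Unauthorized(name)


class WriteFileAdapter:
    """Stand-in for an IWriteFile adapter: the check runs only in write()."""

    checker = Checker({"write": MANAGE_CONTENT})

    def __init__(self, context, granted):
        self.context, self.granted = context, granted

    def write(self, data):
        self.checker.check("write", self.granted)
        self.context["data"] = data


def writable_by_presence(adapter):
    # The test described in the quoted message: true for every user.
    return adapter is not None and hasattr(adapter, "write")


def can_access(adapter, name):
    # The suggested test: ask the checker, without calling the method.
    try:
        adapter.checker.check(name, adapter.granted)
    except Unauthorized:
        return False
    return True
```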

