[Zope3-Users] Re: how to know if a principal has the
Philipp von Weitershausen
philipp at weitershausen.de
Mon Aug 28 14:35:10 EDT 2006
Lorenzo Gil Sanchez wrote:
> El dom, 27-08-2006 a las 23:53 +0200, Philipp von Weitershausen
> Nice, I didn't know about those and I ended writing my own solution:
> def canAdd(self):
> interaction = ZopeSecurityPolicy()
Ack. Just get the current interaction with
zope.security.management.getInteraction(). With this code you're
hard-wiring yourself to the security policy in zope.app.securitypolicy.
> return interaction.checkPermission("zope.ManageContent",
> I'm trying to know if the user can add an item to a container. I don't
> know how to do that with zope.security.canWrite. I tried with
> zope.security.canWrite(self.context, '__data')
> since my container inherits from SampleContainer and the '__data'
> attribute is a dictionariy like objet where the children are stored. I
> get a ForbiddenAttribute exception with that code.
Right. Because you're not supposed to poke at __data. The two
underscores should scare you off!
By the way, this is a rule of thumb:
Whenever you get ForbiddenAttribute errors, you're doing something
1. you're missing security declarations
2. you're accessing something that purposely has no security
declarations because you're not supposed to access it.
Most of the times when newbies hit ForbiddenAttribute, it's #1. In your
case it's #2.
If you would take advantage of interfaces and look at IContainer, you
would see that contianers are like mappings (=dictionaries). Therefore,
in order to add something in the container, you need to be able to
access the __setitem__ method. Check for that and you'll be all set.
More information about the Zope3-users