[Zope3-Users] Security related questions

Thierry Florac thierry.florac at onf.fr
Wed Jan 17 07:53:38 EST 2007 

Le mercredi 17 janvier 2007 à 11:06 +0100, FB a écrit :
> Hi,
> 
> On Tue, Jan 16, 2007 at 01:15:53PM -0500, Stephan Richter wrote:
> > On Tuesday 16 January 2007 12:39, FB wrote:
> > > is there a way to get all the permissions and roles, the current principal
> > > is associated to for a given object?
> > >
> > > Something like:
> > >
> > >  getAllRoles(context)
> > >  getAllPermissions(context)
> > 
> > No. You would have to write your own code doing that. Note that it really 
> > depends on the security policy on what roles and permissions are available.
> 
> My securitypolicy is z.a.securitypolicy :-) .

Hi,

I've written my own adapter to get the list of roles granted or denied
for a given principal, and the list of principals granted or denied for
a given role, always in the context of the adapted object ; you'll find
the source code into joined files, just having to configure it :

            <adapter
                factory=".manager.SecurityManager"
                provides=".interfaces.ISecurityManager"
                for="zope.annotation.interfaces.IAnnotatable"
                trusted="true" />
        
            <class class=".manager.SecurityManager">
                <allow
                    interface=".interfaces.ISecurityManager" />
            </class>
        
I'm far from sure if this is the best approach, but at list it works for
my own needs in the context of zope.app.securitypolicy.
Writing the same adapter to get the list of permissions (by iterating
throught the list of granted or denied roles and using the
IRolePermissionManager interface) shouldn't be too difficult...

Hope this will help you,

  Thierry Florac
-- 
  Chef de projet intranet/internet
  Office National des Forêts - Département Informatique
  2, Avenue de Saint-Mandé
  75570 PARIS Cedex 12
  Mél : thierry.florac at onf.fr
  Tél. : +33 01.40.19.59.64
  Fax. : +33 01.40.19.59.85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: interfaces.py
Type: text/x-python
Size: 2685 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope3-users/attachments/20070117/749ea439/interfaces.py
-------------- next part --------------
A non-text attachment was scrubbed...
Name: manager.py
Type: text/x-python
Size: 4890 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope3-users/attachments/20070117/749ea439/manager.py

More information about the Zope3-users mailing list