Pregunta
I thought this must be easy but I really have troubles figuring it out: I'd like to check for an acquired permission of a role on an object.
I don't want to check for the actual user's roles or permissions, I just want to check i.e. if on an object Anonymous has the permission 'Access contents information'. This is easy if the permission is set on the object in question, but proves more difficult when the permission is acquired.
I tried this:
https://stackoverflow.com/questions/13426188
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussiansiteRoles = ('Anonymous', 'myRole1', 'myRole2', 'Manager')
permission = 'Access contents information'
rolesDictList = self.rolesOfPermission( permission )
roles = [roleDict['name'] for roleDict in rolesDictList if roleDict['selected']]
for i, role in enumerate(siteRoles):
if role in roles:
roleMin = i
break
return roleMin
This does not work, because it does not give the acquired permissions.
My next idea was to walk through the parents upward until I find some permissions that are not acquired. But this would not really solve the problem, as it would ignore permissions that are set higher up in the hierarchy (ok, I could check for acquired and continue upward). Also there is an oddity: 'Manager' is always selected in rolesOfPermission. Why is this so?
Anyway, I presume there must be a simpler way to do this?
Solución
Simply use the rolesForPermissionOn() function:
from AccessControl.PermissionRole import rolesForPermissionOn
roles = rolesForPermissionOn(permission, context)
This returns a list of roles that have the specific permission for the given context. It'll walk the acquisition chain as needed.
