Re: [Zope-dev] ZCatalog: hiding search results from unauthorized users - hack
The problem with this solution is that you must wake up every object found, thus negating the performance/memory advantages of ZCatalog's lazy result sets.

Since you said (in your other message) that the restriction is by role, couldn't you just index the roles allowed to view a given object and then filter on that index?

The caveat with that is that you would need to reindex whenever the access settings changed. So, this would need to be done in such a way in your application so that the objects could be indexed when the security settings changed. This would make implicit (acquired) security changes difficult to handle.

On the bright side, you wouldn't need to subclass ZCatalog, or bring all the results into memory and validate each one. That's *extremely* expensive.

All you would need to do is create a method or python script that returned a list of roles allowed to "view" an object, and then create a keyword index on this method/script.

hth,
Casey

Igor Stroh wrote:
> Hi all,
>
> in case someone has the same problem as me (see "ZCatalog - hiding query
> results" thread for more info) - I got a solution:
>
> - create a product that subclasses ZCatalog
> - in this product overwrite ZCatalog.getobject with
>
>     def getobject(self, rid):
>         """foo"""
>         obj = self.aq_parent.unrestrictedTraverse(self.getpath(rid),\
>                                                   restricted=1)
>         return obj
>
> - create a python script in your catalog (e.g. "filterCat") with a
>   parameter that represents the catalog itself ("brains" here):
>
>     retval = []
>     for brain in brains:
>         try:
>             obj = container.getobject(brain.getRID())
>             retval.append(brain)
>         except:
>             pass
>     return retval
>
> - adjust your catalog query reports, so that they call
>   "filterCat(_[''])" instead of
>
> Now your users see only those hits in a query which apply to objects they
> are allowed to "View".
>
> greetings,
> Igor

___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
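The two approaches in this thread side by side, as an added example that is not part of any message here: the load-and-check filter from the original post, and the role keyword index suggested in the reply above. It is a plain-Python toy catalog, not Zope's API; `Doc`, `ToyCatalog`, `allowed_roles` and the sample data are hypothetical and constructed for illustration.

```python
# Added illustration: a toy stand-in for ZCatalog, not Zope code; all names are hypothetical.
class Doc:
    def __init__(self, path, view_roles):
        self.path = path
        self.view_roles = set(view_roles)  # roles allowed to see this object

    def allowed_roles(self):
        """Method the keyword index is built on."""
        return sorted(self.view_roles)

class ToyCatalog:
    def __init__(self):
        self.store = {}       # path -> object, stands in for the ZODB
        self.role_index = {}  # role -> set of paths, the keyword index
        self.loads = 0        # number of objects woken up

    def index_object(self, doc):
        """(Re)index one object; must run after every security change."""
        self.store[doc.path] = doc
        for paths in self.role_index.values():
            paths.discard(doc.path)  # drop stale entries first
        for role in doc.allowed_roles():
            self.role_index.setdefault(role, set()).add(doc.path)

    def getobject(self, path):
        self.loads += 1
        return self.store[path]

    def search_postfilter(self, user_roles):
        """Load every hit, then check access on the live object."""
        return sorted(p for p in list(self.store)
                      if self.getobject(p).view_roles & set(user_roles))

    def search_indexed(self, user_roles):
        """Answer from the index alone; no object is loaded."""
        hits = set()
        for role in user_roles:
            hits |= self.role_index.get(role, set())
        return sorted(hits)

def build_catalog():
    cat = ToyCatalog()
    for path, roles in [("/a", ["Manager"]), ("/b", ["Member", "Manager"]),
                        ("/c", ["Anonymous", "Member"])]:  # constructed data
        cat.index_object(Doc(path, roles))
    return cat

if __name__ == "__main__":
    print(build_catalog().search_indexed(["Member"]))
```

If an object's roles change and `index_object` is not called again, `search_indexed` keeps returning the old answer, so a revoked object stays listed until it is reindexed; that is the reindexing caveat from the reply above.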
[Zope-dev] ZCatalog: hiding search results from unauthorized users - hack
Hi all,

in case someone has the same problem as me (see "ZCatalog - hiding query results" thread for more info) - I got a solution:

- create a product that subclasses ZCatalog
- in this product overwrite ZCatalog.getobject with

    def getobject(self, rid):
        """foo"""
        obj = self.aq_parent.unrestrictedTraverse(self.getpath(rid),\
                                                  restricted=1)
        return obj

- create a python script in your catalog (e.g. "filterCat") with a parameter that represents the catalog itself ("brains" here):

    retval = []
    for brain in brains:
        try:
            obj = container.getobject(brain.getRID())
            retval.append(brain)
        except:
            pass
    return retval

- adjust your catalog query reports, so that they call "filterCat(_[''])" instead of

Now your users see only those hits in a query which apply to objects they are allowed to "View".

greetings,
Igor
Re: [Zope-dev] ZCatalog: hiding search results from unauthorized users - hack
On Fri, 16 Nov 2001 13:19:20 + Steve Alexander <[EMAIL PROTECTED]> wrote:

>> Now your users see only those hits in a query which apply to objects
>> they are allowed to "View".
>
>However, you will be loading each object that is a potential query
>result into memory for every query. That could be a lot of objects.

I didn't say it's perfect, it works however...
BTW, it's not the "View" permission but "Access content information"... obviously :)
Re: [Zope-dev] ZCatalog: hiding search results from unauthorized users - hack
Igor Stroh wrote:
>
> Now your users see only those hits in a query which apply to objects they
> are allowed to "View".

However, you will be loading each object that is a potential query result into memory for every query. That could be a lot of objects.

--
Steve Alexander
Software Engineer
Cat-Box limited