为什么:
user.has_permission(permission, object)
和
user.checkPermission(permission, object)
返回不同的结果?
checkPermission似乎是正确的结果。
最佳答案
因为它们是,所以功能不同。has_permission是BasicUser中AccessControl/users.py类的方法:
def has_permission(self, permission, object):
"""Check if the user has a permission on an object.
This method is just for inspecting permission settings. For access
control use getSecurityManager().checkPermission() instead.
"""
roles=rolesForPermissionOn(permission, object)
if isinstance(roles, str):
roles=[roles]
return self.allowed(object, roles)
而
checkPermission是AccessControl/security.py中定义的函数:def checkPermission(permission, object, interaction=None):
"""Return whether security policy allows permission on object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
interaction -- This zope.security concept has no equivalent in Zope 2,
and is ignored.
checkPermission is guaranteed to return True if permission is
CheckerPublic or None.
"""
if (permission in ('zope.Public', 'zope2.Public') or
permission is None or permission is CheckerPublic):
return True
if isinstance(permission, basestring):
permission = queryUtility(IPermission, unicode(permission))
if permission is None:
return False
if getSecurityManager().checkPermission(permission.title, object):
return True
return False
has_permission用于检查权限设置,而checkPermission用于访问控制。换句话说,用户可能没有对对象的权限设置,但仍然可以通过其他安全策略机制访问。关于plone - 为什么checkPermission和has_permission返回不同的结果?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/23983435/