Coding, Scripting, Administration

What's the user

If you want to check for a permission on a user other than the one who is currently logged in, this will not do what you'd expect:

> user.checkPermission(ModifyPortalContent, self.context)

This acquires the checkPermission() method from the MembershipTool and actually checks the permission on the currently logged-in user (authenticated member), ignoring the user object. In theory, this should do the trick:

> user.has_permission(ModifyPortalContent, self.context)

However, at least in my code, this returns False because Acquisition claims that the user object and self.context are not in the same acquisition context. What finally worked for me was:

> from plone import api
> with api.env.adopt_user(user=user):
>    user.checkPermission(ModifyPortalContent, self.context)

This temporarily switches the security context to user, which is then used for permission checks. If you're not using plone.api, you'll do something like

> old_security_manager = getSecurityManager()
> newSecurityManager(getRequest(), user)
> user.checkPermission(ModifyPortalContent, self.context)
> setSecurityManager(old_security_manager)
9th November 2014Filed under: Plone   user management