durusmail: quixote-users: Extension of _q_access
2004-05-25
Oscar Rambla
2004-05-26
>On Sunday 23 May 2004 01:39, Maas-Maarten Zeeman wrote:
> >     760         container._q_access(request, component) # <- extra parameter

On Tuesday 25 May 2004 11:36, Evan LaForge wrote:
>
> I have a _q_access that needs the component and does the following:
>
> component = req.environ['PATH_INFO'][1:].split('/', 1)[0]
>
> This only works because it knows where it lives in the path (always at the
> bottom).  If the above doesn't work you could do something like:
>
> p = req.environ['PATH_INFO'][1:].split('/')
> component = p[len(publisher.get_namespace_stack())]
>
> ... but that could be considered grody and hard to understand.
>
> >     def _q_access(request, name):
> >         if request.session.user is None and name == "private_thing":
> >             raise AccessError('You must be logged in to access "private_thing".')
>
> This I would suggest putting in private_thing.  Then when you add another
> access-controlled object you simply have it inherit (or implement directly)
> whatever access method and there's no need to add to a growing switch in
> _q_access.
>

There are some situations where this is not clear.
Ex: Suppose you want to permit someone to view an object but you don't want to
let him edit it.

I guess different solutions:
- Adapt export list to session info, but that raises Traversal Error instead.
- Use _q_lookup for everything.
- Wrap methods or functions with classes provided with q_access; overly complex
  for most cases.

I think in those situations this extension would be helpful. Possibly, limited
to members of the export list. I.e.:

    # Second security check: call _q_access function if it's present.
    if hasattr(container, '_q_access'):
        # will raise AccessError if access failed
        container._q_access(request, internal_name)

Although, I'd like to hear arguments against it.

Oscar Rambla
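
The view-but-not-edit case from the message above, as an added example that is not part of the original post or of Quixote's source: a stand-in traversal step that passes the exported name to `_q_access`, so one container can allow `view` and refuse `edit`. `Request`, `Document`, the role names, `get_component` and `try_access` are hypothetical.

```python
# Added illustration: a stand-in for one traversal step, not Quixote source.
class TraversalError(Exception): ...
class AccessError(Exception): ...

class Request:
    """Hypothetical request carrying only the session user and its roles."""
    def __init__(self, user=None, roles=()):
        self.user = user
        self.roles = frozenset(roles)

class Document:
    _q_exports = ["view", "edit"]
    # Role required per exported name; a name missing here is denied.
    _required_role = {"view": "reader", "edit": "editor"}

    def _q_access(self, request, name):
        role = self._required_role.get(name)
        if role is None or role not in request.roles:
            raise AccessError("not allowed to access %r" % name)

    def view(self, request):
        return "document body"

    def edit(self, request):
        return "edit form"

def get_component(container, request, name):
    """Resolve one path component using the proposed two-argument call."""
    # First check: only exported names are reachable at all.
    if name not in getattr(container, "_q_exports", []):
        raise TraversalError(name)
    # Second check: per-component decision; raises AccessError on failure.
    if hasattr(container, "_q_access"):
        container._q_access(request, name)
    return getattr(container, name)

def try_access(request, name):
    """Return the handler's output, or the name of the error raised."""
    try:
        return get_component(Document(), request, name)(request)
    except (AccessError, TraversalError) as exc:
        return type(exc).__name__
```

Because the export check runs first, a non-exported attribute such as `_required_role` still yields a traversal error rather than an access error, which matches the restriction to members of the export list suggested in the message.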

