def protectedURLHandler(event):
# Managers may view anything they want.
if event.request.AUTHENTICATED_USER.has_role('Manager'):
return
# Default to unprotected
protected = False
# Two possibilities: either we have an instancemethod, or a
# product instance (Python Script or others)
if isinstance(event.request.PUBLISHED, types.MethodType):
# For methods we need the immediate parent
obj = event.request.PARENTS[0]
else:
# For product instances we take the object itself.
obj = event.request.PUBLISHED
protected = is_protected(obj)
# Private items which were attempted to publish directly
# land in the log file and get "Unauthorized"
if protected:
logger.info('PROTECTED: ' + str(event.request.URL))
raise AccessControl.Unauthorized()
