On Tuesday 11 March 2003 06:22, HP Knoll wrote:
Hi,
In my search results page I would like to display only those results where the user has the permission to view those files. My question is: how do I refer to the current object in a <dtml-in> loop? I know that I could use <dtml-in Catalog skip_unauthorized> but it still displays all results, even those where the user has absolutely no right.
Here is the example:
  <dtml-in Catalog>
    <dtml-if expr="_.SecurityGetUser().has_permission('View', OBJECT?????)">
      ...
    </dtml-if>
  </dtml-in>

Your code doesn't work because a catalog request just retrieves public catalog entries (called "brains"), not real objects. It should work with something like:

  <dtml-in "[record.getObject() for record in Catalog()]" skip_unauthorized>
    ...
  </dtml-in>

Then, what you retrieve is a list of real objects, on which you may be able to apply the "skip_unauthorized" parameter; you can also sort this list on any of your objects' properties, and not only those indexed into the catalog.

Not tested anyway, and I don't know if this kind of code is as efficient as it should be...

Thierry
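
An added example, not part of the original thread and not Zope code: a plain-Python model of the approach in the reply, resolving each catalog record to its object before checking "View", skipping records that no longer resolve, and stopping early once a page of results is filled. Obj, Brain, has_permission, visible_results and the sample data are constructed stand-ins; only the getObject() name comes from the thread.

```python
from itertools import islice

class Obj:
    """Stand-in for a content object with a permission -> roles mapping."""
    def __init__(self, title, view_roles):
        self.title = title
        self.permissions = {"View": set(view_roles)}

class Brain:
    """Stand-in for a catalog record: indexed metadata plus a path."""
    resolved = 0  # counts how many records were resolved to objects

    def __init__(self, path, title, store):
        self.path, self.title, self._store = path, title, store

    def getObject(self):
        Brain.resolved += 1
        # A stale record (object deleted, catalog not updated) gives None.
        return self._store.get(self.path)

def has_permission(user_roles, permission, obj):
    """Model of the permission check: any shared role grants access."""
    return bool(set(user_roles) & obj.permissions.get(permission, set()))

def visible_results(brains, user_roles, limit=None):
    """Return objects the user may view, resolving records lazily."""
    def _filter():
        for brain in brains:
            obj = brain.getObject()
            if obj is None:  # fail closed on stale catalog entries
                continue
            if has_permission(user_roles, "View", obj):
                yield obj
    # islice stops pulling from the generator once `limit` items are found.
    return list(islice(_filter(), limit))

# Constructed sample data.
STORE = {
    "/docs/public": Obj("Public notes", ["Anonymous", "Member", "Manager"]),
    "/docs/members": Obj("Member handbook", ["Member", "Manager"]),
    "/docs/secret": Obj("Admin runbook", ["Manager"]),
}
BRAINS = [Brain(p, o.title, STORE) for p, o in STORE.items()]
BRAINS.append(Brain("/docs/deleted", "Old page", STORE))  # stale record

if __name__ == "__main__":
    for roles in (["Anonymous"], ["Member"], ["Manager"]):
        print(roles, [o.title for o in visible_results(BRAINS, roles)])
```

The titles stored on the records are never shown directly; only objects that pass the check are returned, which is the difference from iterating over the raw catalog results.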