Montagne, Michael writes:
I'm trying to display only the folders that a User has viewing rights to. .... <dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if "AUTHENTICATED_USER.has_permission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in>
<dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if expr="_.SecurityCheckPermission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in> You have not yet been reached by the information that you cannot use "dtml-*" inside a Python expression?
Inside "...", you are in a Python expression context. '<dtml-sequence-item>' is there the literal string "<dtml-sequence-item>", no interpretation of "sequence-item" as you seem to expect.... Use in similar situations something like: <dtml-let folder=sequence-item> ... "... folder ..." ... </dtml-let> In your case, you can use: <dtml-let folder=sequence-item> <dtml-if expr="_.SecurityCheckPermission('View',folder)"> ... </dtml-if> </dtml-let> Unfortunately, this will not work for all permissions and for all objects: It will e.g. fail for 'View' and DTML objects and for 'Access Contents Information' and folders. I think this is a bug in Zope's security subsystem. If you feel like me, please put it into the collector. Dieter