----- Original Message ----- From: Dieter Maurer <dieter@handshake.de> To: Tim Hicks <tim@sitefusion.co.uk> Cc: <zope@zope.org> Sent: Friday, December 29, 2000 9:38 AM Subject: Re: [Zope] inserting half a dtml tag into a zclass
Tim Hicks writes:
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01C07071.533E96C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable You are here long enough: you should know, we do not like MIME messages.
My apologies. You're right, I do know better... my mistake. Also, apologies for the delayed reply, I've been away.
... isolating privacy checks ... <dtml-var privacy> <dtml-var standard_html_header> <dtml-var standard_html_footer> </dtml-if>
I know about 2 possible approaches:
I. let your "privacy" method return a value (using "dtml-return") and check it above:
<dtml-if privacy> ...header... ... ...footer... </dtml-if>
I've gone for a 'method' based on this first idea of yours. Here is what appears in each zclass instance. <dtml-call privacy> <dtml-if "available == 1"> <dtml-call "RESPONSE.redirect(restricted+'/restricted.html')"> <dtml-else> <dtml-var standard_html_header> <dtml-var standard_html_footer> </dtml-if> And here is the privacy method. <dtml-call "REQUEST.set('available', 0)"> <dtml-if "propertyLabel(availability) == 'private'"> <dtml-call "REQUEST.set('available', 1)"> </dtml-if> <dtml-call "REQUEST.set('dom', _.string.split(REQUEST.REMOTE_ADDR, '.'))"> <dtml-if "dom[0] == '192'"> <dtml-if "dom[1] == '168'"> <dtml-call "REQUEST.set('available', 0)"> </dtml-if> </dtml-if> <dtml-in PARENTS> <dtml-let PARENT="_.getitem('sequence-item')"> <dtml-if "PARENT.hasProperty('dehs_site_root_folder')"><dtml-call "REQUEST.set('restricted', PARENT.absolute_url())"></dtml-if> </dtml-let> </dtml-in> It's not perfect (that would be when there is nothing for the user to break in each instance), but it's better than it was and also allows me to edit only one privacy method to change the access rights.
II. I think (this implies, I am not sure), that ZPublisher translates exceptions into HTTP response codes. This would mean, you could try:
In your "privacy" method: .... <dtml-call "RESPONSE.redirect(...)"> <dtml-raise type="Redirect"></dtml-raise> ....
in your other objects:
<dtml-call privacy> ...header... .... ...footer...
You've lost me a bit there. Where am I actually checking to see if the user has access rights? Cheers tim