On Friday 23 February 2001 05:06, Jérôme Loisel wrote:
(This was my reply. I forgot to add zope@zope.org to cc, so I'm now forwarding it. Sorry for the confusion... I'm new to the list.)
Yeh... I used to keep making that mistake. (o8
My problem was this: I have a .news folder. I selectively grant manager access to that folder for some users. When such a user browses the site, any part of the site, he should see an "Add a news item" button appear. So I needed to check whether or not the user has manager acces _to the .news folder_.
Well, unless you're playing around with multiple acl_users object, this wouldn't make a difference. A user will have a role from the acl_users object down.
<quote src="zqr"> has_role(roles, [object]) Check to see if a has a given role or roles. </quote>
I can see that calling has_role(roles) works as expected. Sadly, calling has_role(roles, object) does not seem to yield a different behavior. And that behavior is what I was looking for. However...
Interesting... I might have a dig through the Zope sources and see what this is all about... Maybe you've just found a mistake in the ZQR.
<quote src="zope_help_system"> hasRole(object, roles): Return a value that is true if the user has the given roles on the given object and return false otherwise.
Permission - Always available </quote>
At first I did not even notice that this is a different function altogether. Silly me. Calling the following works.
Looks great. I didn't know about this one, tbh.
<dtml-with .news> <dtml-if "AUTHENTICATED_USER.hasRole('Manager')"> Blah. </dtml-if> </dtml-with
So you did in fact point me in the right direction... You told me to go re-read the docs. :-)
Hey,.... always glad to be of assistance. (o8 I find the ZQR is almost always my first call when I can't find the method I want.
[...]
Related question: How do I access AUTHENTICATED_USER from Python?
self.AUTHENTICATED_USER works for me.
Hmmm. I was not clear enough. I meant from PythonScript objects. context.AUTHENTICATED_USER does not work for me. I get no better results with container (obviously) or namespace (bound properly, of course).
Well, I would have thought this would work in Python Scripts (I use it in Python Methods)... However, IIRC AUTHENTICATED_USER actually lives inside the REQUEST object... try there, perhaps?
Thank you very much for your help.
Cheers,
Jérôme Loisel
Always glad to help. Have a better one, Curtis Maloney.