Mike Renfro wrote:
I have a very similar problem to the one given by Jean Lagarde at http://lists.zope.org/pipermail/zope/2001-June/093739.html -- I have a number of Squishdot sites, and I'd like to automatically generate a list of Squishdot sites accessible to the current logged-in user.
Here's the dtml method (MyFora) I'm using:
<ul> <dtml-in findfora skip_unauthorized> <dtml-let item=sequence-item> <dtml-with item> <li><a href="<dtml-var absolute_url>"><dtml-var title></a> </dtml-with> </dtml-let> </dtml-in> </ul>
and here's the Python script (findfora):
from string import split, join
published = {} meta_types = ('Squishdot Site',) root = None
#lets setup the root we will find all our resources from if context.REQUEST.VirtualRootPhysicalPath: root = context.REQUEST.VirtualRootPhysicalPath else: root = ('',) root = context.restrictedTraverse(root)
published=[]
for obj in context.ZopeFind(root, obj_metatypes=meta_types, search_sub=1): id, obj = obj[0], obj[1] published.append(obj)
return published
For every authenticated user, it returns a *full* list of Squishdot sites, not just the ones they're authorized to view. Clicking on one of the unauthorized links pops up a login dialog, but I don't even want the links to show up at all (which I thought skip_unauthorized would take care of).
As far as I can tell, neither method has any proxy roles attached. What detail did both Jean and I miss in our respective situations? Zope 2.3.2, by the way.
-- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
Does anonymous by any chance have the "Access contents information" permission on these objects (or any others)? I suspect it must if it can display the titles. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>