-----Original Message----- From: Rob Page [mailto:rob.page@digicool.com] Sent: Wednesday, May 26, 1999 21:26 To: 'Jay, Dylan' Cc: 'zope@zope.org' Subject: RE: [Zope] RE: What method do I use to check access?
What I want is <!--#if "AUTHENTICATED_USER.hasPermission(SomeObject, 'View')"--> <a href="<!--#var "SomeObject.absolute_url()"-->">Goto SomeObject</a> <!--#/if-->
How about:
<!--#if expr="AUTHENTICATED_USER.has_role('requester')"--> <LI> <A HREF="Requester/index_html">Requester menu</A> <!--#/if-->
Reading between the lines of your original post it sounds like this approach might work but require you to add more role definitions...
I'm not sure what your proposing other than using having different roles for each restricted area. And that makes roles a restrictive device. I have several areas and several groups of users. My roles represent a type of user not a type of access to a particular area. A role may enable access to many areas. This is how it supposed to work with roles as I understand it. The problem I'm trying to addess, which for some reason I can't seem to get across to anyone, is as follows. If say I development area to only users with role developer this is fine. I can then in my main page add a link to this development area that is viewable to only developers like so <!--#if expr="AUTHENTICATED_USER.has_role('developer')"--> <LI> <A HREF="development_area/index_html">Development Area</A> <!--#/if--> This is fine and what I currently do. My argument is that if later I want say users with supervisor role to access the development area then I have to change the permissions on the development are and find all the has_role conditions in my code and change them. This is not huge point I realize but it seems to me a logical function that I should be able to perform. Show something if the user has permission to see it. It also means I can conditionally include DTML only if that user has permission to view that DTML. ie <!--#if "restrictedDTML.hasPermission(AUTHENTICATED_USER, 'View')"--> <!--#var restrictedDTML--> <!--#/if--> If this not something that others see as important or is too hard then fine. I spent a couple of hours on it and couldn't find a nice way of doing it. I thought someone else could do it easier. A function called oldvalidate() looked promising but the name didn't seem to indicate its validity and with no documentation I couldn't work out the arguments. All I want is the security validation mechanism exposed more so I can use in DTML. Can this be done?