Jason Cunliffe writes:
From: "Dieter Maurer" <dieter@handshake.de>
Jason Cunliffe writes:
I have searched, and I know its really simple, but please can anyone tell me how to take a working URL like this:
http://Zsite231/images/manage_addProduct/Photo/PhotoAdd_version2
Whenever you have a path (absolute, server local), you can use "restrictedTraverse" to resolve it into an object (under the condition of sufficient permissions).
Thanks ....... so I tried this:
<dtml-var "restrictedTraverse('/images/manage_addProduct/Photo/PhotoAdd_jason').absolu te_url()">
following a syntax example from a post at http://lists.zope.org/pipermail/zope/2000-September/117834.html
I imagine that you will not be surprised to learn that I keep getting a Network Password dialog box popping up... I looked at the source in "OFS.Traversable" and determined, that "restrictedTraverse" validates access to each intermediate step. "REQUEST.resolve_url" on the other hand validates only the last step (I think, did not check).
Your traceback suggests that you do not have access to "Photo". I cannot tell you, why. With the help of my DocFinder product URL:http://www.dieter.handshake.de/pyprojects/zope/DocFinder.html I verified that my products allow access to "Anonymous" and "Manager". Nevertheless, "restrictedTraverse" raises an "Unauthorized". Maybe a bug in "getSecurityManager().validate" or something with respect to acquisition or Zope permissions, we do not yet understand. Your options: * use "unrestrictedTraverse" (not directly allowed from DTML or Python script) * use "REQUEST.resolve_url" * find the reason, why Zope security does not work as we expect - maybe file a bug report. Currently, I have not enough time to analyse the problem fully. Dieter