Neil Burnett writes:
I want to check in one DTML Method whether the current user has permission to view another one. So I have tried the following, where editContact is the target method.
<dtml-if expr="_.SecurityCheckPermission('View', editContact())"> This does not work, because you render (i.e. call) "editContact". The result is a string and it is not very senseful, to ask for 'View' permission on a string.
Unfortunately, <dtml-if expr="_.SecurityCheckPermission('View', editContact)"> will not work either. This time, it is because "editContact" access is protected by 'View'. As soon as you reference 'editContact', it is checked wether the current user as the 'View' permission and an 'Unauthorized' exception raised if not. I think this is a bug, but probably will not be able to convince the relevant people. Your options: 1. move the above check into an external method (you need to path the "id", as otherwise you will get the same problem). 2. <dtml-call "REQUEST.set('hasViewPermission',0)> <dtml-try> <dtml-if expr="_.SecurityCheckPermission('View', editContact)"> <dtml-call "REQUEST.set('hasViewPermission',1)" </dtml-if> <dtml-except Unauthorized> </dtml-try> Dieter