Jerome Alet writes:
Thanks to you, the syntax you gave me is accepted by the dtml parser, but both
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='''not objectValues(['Folder'])''', search_sub=1)">
and
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1)">
have given me an empty list.

I analysed this strange behavior in Zope 2.1.6 and have a partial explanation.
Although the permission setting for "objectValues" is "Access contents information", which by default is granted to "Anonymous" and "Manager", only "Manager" is allowed to access "objectValues" in the context of the above "ZopeFind". I could not yet determine why this is the case. But taking this fact for granted, the behavior becomes clear: the access to "objectValues" results in an "Unauthorized" exception. This is caught but prevents any object from being added to the result list.

Workaround: you need to add the REQUEST parameter to "ZopeFind", i.e.:

<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1, REQUEST=REQUEST)">

This allows ZopeFind to use AUTHENTICATED_USER for validation of the "objectValues" access. The code will then work at least for the manager. Hopefully (not tested) a manager proxy role will make it work for arbitrary users, too.

I will investigate further why "this().objectValues__roles__" returns "('Manager',)" rather than "('Anonymous','Manager')". However, this can take quite some time because I am currently a bit stressed.

Dieter
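The failure mode described in the message above, as an added Python model that is not part of the original post and is not Zope source code: a search that swallows "Unauthorized" returns an empty list with no error, and passing a request carrying the user changes the outcome. The names `Folder`, `guarded`, `find`, `denied` and the request shape (AUTHENTICATED_USER mapped to a tuple of roles) are assumptions made for illustration.

```python
# Simplified model of the behaviour in the post; not Zope source code.
class Unauthorized(Exception):
    pass

class Folder:
    meta_type = "Folder"
    # Roles the post reports for objectValues in this context.
    objectValues__roles__ = ("Manager",)

    def __init__(self, name, children=()):
        self.name, self.children = name, list(children)

    def objectValues(self, meta_types=None):
        return [c for c in self.children
                if meta_types is None or c.meta_type in meta_types]

def guarded(obj, roles):
    """Return a caller that checks <method>__roles__ before invoking it."""
    def call(method, *args):
        if not set(getattr(obj, method + "__roles__")) & set(roles):
            raise Unauthorized(method)
        return getattr(obj, method)(*args)
    return call

def find(root, expr, request=None, denied=None):
    """Recursive search that swallows Unauthorized, as the post describes."""
    # Hypothetical request shape: AUTHENTICATED_USER maps to a tuple of roles.
    roles = request["AUTHENTICATED_USER"] if request else ("Anonymous",)
    found = []
    for child in root.children:
        try:
            if expr(guarded(child, roles)):
                found.append(child.name)
        except Unauthorized:
            if denied is not None:
                denied.append(child.name)  # otherwise the skip is invisible
        found += find(child, expr, request, denied)
    return found

# Constructed tree: "a" contains "b"; "b" and "c" have no subfolders.
ROOT = Folder("root", [Folder("a", [Folder("b")]), Folder("c")])
leaf = lambda call: not call("objectValues", ["Folder"])

if __name__ == "__main__":
    skipped = []
    print(find(ROOT, leaf, denied=skipped), skipped)
    print(find(ROOT, leaf, {"AUTHENTICATED_USER": ("Manager",)}))
```

The optional `denied` list is the diagnostic aid: recording which objects were skipped for authorization reasons distinguishes "no match" from "not allowed to evaluate the expression".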