On Wed, 28 Feb 2001 03:15, you wrote:
Brad Clements wrote:
Did you try setting a proxy role on the ShowNavBar method that can execute this?
No.. I don't want it to show if the logged in user doesn't have rights to it.
I want a way to see, in DTML (or an external method), if the current user has rights to an object.. if they have rights, does the object exist.
If they don't have rights, it's okay to raise an exception (AttributeError) which I can catch. But I don't want the SecurityManager to try to authenticate our access to it..
Brad Clements, bkc@murkworks.com (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements
OK, how about if you call AUTHENTICATED_USER.has_permission() on each NavBar method to see if the user has rights to call it?
I know I'm jumping in part way through a threat... but if you're using a <dtml-in> to iterate over the side-bar items, have you considered using the skip_unauthorized attribute? If this is in Python, otoh, the ZQR says of AUTHENTICATED_USER.has_permission: has_permission(permission, object) Check to see if a user has a given permission on an object. Hope this helps. Have a better one, Curtis Maloney.