Dunigan, Craig writes:
.... I do not think so. "Add EW Nav Links" is the permission that you want to test for. But the "Unauthorized" exception is already raised when the catalogued object is looked up.
Forgive my inexperience, but how do you know this?
REQUEST['AUTHENTICATED_USER']. has_permission('Add EW Nav Links', REQUEST.resolve_url(BASE0+getpath(data_record_id_)))) raised the "Unauthorized" exception (according to your traceback). In this expression, only "REQUEST.resolve_url(...)" and maybe "getpath" (if your user can not access the catalog, but that seems unlikely) can raise this exception. "REQUEST" and its methods are public, "has_permission" is public, "BASE0" is public (as part of "REQUEST").
.... <dtml-call "REQUEST.set('YihawFolders', [])"> <dtml-in expr="Catalog({'meta_type':'Yihaw Folder'})"> <dtml-if "REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links', REQUEST.resolve_url(BASE0+getpath(data_record_id_)))"> <dtml-call "YihawFolders.append(getpath(data_record_id_))"> </dtml-if> </dtml-in>
As a workaround, you could wrap your "if" into a "dtml-try". If you get an "Unauthorized" exception, it should surely not be in your "YihawFolders" list. Dieter