On Thursday 22 February 2001 07:44, Jérôme Loisel wrote:
Hi folks!
I am somewhat unable to check whether or not the user has manager access to some object object. The following does not work as expected:
<dtml-if "AUTHENTICATED_USER.has_role('Manager', _.getitem('.news'))"> <P>Blah.</P> </dtml-if>
Instead of getting a true result if the user has manager acces to the .news item (a folder), I get a true result if the user has manager access to his context.
Have you checked what parameters AUTHENTICATED_USER.has_role() accepts? (try looking in the ZQR). AFAIK, it only accepts a list of role names, no objects, and can only tell you if the user has that role, as specified in the acl_users folder. It sounds to me like you have a small misunderstanding of how roles work. Once you have created a role type, you can then specify permissions on objects for that role. So, if I want only Managers to be able to edit DTML Methods in a particular folder , it set the "Change DTML Methods" flag in the Security tab for that folder. From then on, anyone with the 'Manager' role is allowed to "Change DTML Methods". By default, all folders are set to inherit all permissions. So, if a user must have a particular role to perform a particular action, the object in question should have its security settings set to reflect that.
Related question: How do I access AUTHENTICATED_USER from Python?
self.AUTHENTICATED_USER works for me.
Can anyone point me in the right direction? Thanks,
I'm trying. (o8
Jérôme Loisel.
PS: Shouldn't there be separate mailing lists for different types of users? Content managers probably have different questions from (beginning) developpers...
There are a couple of lists, and yes, different people ask different questions. However, IMHO, keeping everyone in the same lists improves your chances of answering someone elses problem that you've already encountered, and can show you just how quickly you really are learning! (o8 Have a better one, Curtis Maloney.