Ingo Assenmacher wrote:
I have a method which searches for objects of certain types with help of an Catalog. I use
<dtml-in "Catalog(meta_type='desired_type')"> <dtml-with "resolve_url(getpath(data_record_id_), REQUEST)"> <dtml-val id> </dtml-with> </dtml-in>
And this is what I get IF I AM NOT THE SUPER-USER: Traceback (innermost last): Unauthorized: (see above)
I NEED THIS! So, please help!
resolve_url uses the exact same publishing machinery as calling a URL through the web; it does _not_ bypass the security machinery. If you do not have enough privledge to access to an object, then you will get an Unauthorized, just like when you call it through the web. The user that you are running this query as does not have enough privledge to call one of your desired_type objects. The exact object that you are unauthorized to see is displayed in the Error Message, which you did not include. There is no bug here, this is how it is supposed to work. Make sure that the objects that are resolved by this query can be viewed by the user who runs the query. -Michel