Art Hampton wrote:
I'm trying to use Evan's DTML Method "FetchObj" (quoted below). It works great for retrieving an object if I'm guaranteed to have permissions for it.
[snipt]
<dtml-if "AUTHENTICATED_USER.has_permission('View', _.render(fetchObj(_.None, _, fetchStr=category_path)))">
As you found, this won't work, since access checking kicks in before FetchObj is even done.
Otherwise I'll have to go back to my original strategy of placing all of my news category security info in MySQL, and secure the querries using DTML method proxy rights. I was hoping to go with ZCatalog Aware objects in folders, so I could take advantage of the built in Zope security model and ZCatalog awareness/ZCatalog searches.
Despair not! This is what <dtml-try> is for. Thus: <dtml-try> <dtml-call expr="...FetchObj..."> <dtml-except> Sorry, can't access that </dtml-try> Cheers, Evan @ 4-am