At 13:56 18/02/99 , you wrote:
Hi,
I have a DTML page that adds users to a folder, (trying to) give them only a specific, limited role. The code in question looks like this. I know it is overkill, but it is more clear this way. (inId passes the folder to give access to):
<!--#call "REQUEST.set('name', name)"--> <!--#call "REQUEST.set('password', password)"--> <!--#call "REQUEST.set('confirm', confirm)"--> <!--#call "REQUEST.set('roles', 'Student')"--> <!--#call "REQUEST.set('domains', '')"--> <!--#call "_.getitem(_['inID']).acl_users.manage_users(submit='Add', REQUEST=REQUEST)"-->
Domains and Roles are both lists, so do this: <!--#call "REQUEST.set('name', name)"--> <!--#call "REQUEST.set('password', password)"--> <!--#call "REQUEST.set('confirm', confirm)"--> <!--#call "REQUEST.set('roles', ['Student'])"--> <!--#call "REQUEST.set('domains', [])"--> <!--#call "_.getitem(_['inID']).acl_users.manage_users(submit='Add',REQUEST=REQUEST)"--> and you're home free. The hint is the source for manage_users: domains is listed as domains:tokens, and roles as roles:list. This means Zope will parse the incoming CGI data expecting a token string for domains and a list for roles, and will put a nice list for both into the REQUEST object. manage_users doesn't check wether this is actually the case, and just accepts your strings, which later on give you errors. -- M.J. Pieters, Web Developer | ATMM http://www.atmm.nl | Tel: +31-35-6254545 Fax: +31-35-6254555 | mailto:mj@atmm.nl http://www.atmm.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------