Re: [Zope] all DTML Methods of current folder and subfolder
Jerome ALET writes:
Please do you know how to pass a "complex" obj_expr parameter to the ZopeFind call ?
I want to do the following loop in Zope 2.1.6:
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], search_sub=1, obj_expr=XXX">
where XXX is "not objectValues(['Folder'])"
this would recursively find all subfolders which hasn't got any subfolder from the current folder.
What is the correct syntax (', " and """ nesting) for that ? You cannot use " or """ because this would confuse the dtml-parser.
You can use: ... obj_expr='''not objectValues(['Folder'])''' ... or ... obj_epxr='not objectValues[\'Folder\']=' ... Dieter PS: It was a question about escapes in Python.
Hi, now I'm at work I've tested your solution, read below. On Sun, 23 Jul 2000, Dieter Maurer wrote:
Jerome ALET writes:
I want to do the following loop in Zope 2.1.6: <dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], search_sub=1, obj_expr=XXX"> where XXX is "not objectValues(['Folder'])"
What is the correct syntax (', " and """ nesting) for that ?
You can use: ... obj_expr='''not objectValues(['Folder'])''' ... or ... obj_epxr='not objectValues[\'Folder\']=' ...
Thanks to you, the syntax you gave me is accepted by the dtml parser, but both <dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='''not objectValues(['Folder'])''', search_sub=1)"> and <dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1)"> have given me an empty list. If I don't use obj_expr then I've got the full recursive list of all subfolders from the current folder. Knowing that the Zope Search Interface allows me to type this expression in the obj_expr field and gives me the correct result, what could be the problem I encounter ? I know I could build a correct list by putting a test inside my dtml-in loop, but I really prefer to understand why this doesn't work, and all I can say now is: I don't understand at all. Does anyone have an idea about where the problem comes from ? thanks in advance. Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
Jerome Alet writes:
Thanks to you, the syntax you gave me is accepted by the dtml parser, but both
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='''not objectValues(['Folder'])''', search_sub=1)">
and
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1)">
have given me an empty list. I analysed this strange behavior in Zope 2.1.6 and have a partial explanation.
Although the permission setting for "objectValues" is "Access contents information" which by default is granted to "Anonymous" and "Manager", only "Manager" is allowed to access "objectValues" in the context of the above "ZopeFind". I could not yet determine, why this is the case. But taken this fact for granted, the behavior becomes clear: the access to "objectValues" results in an "Unauthorized" exception. This is catched but prevents any object from being added to the result list. Workaround: you need to add the REQUEST parameter to "ZopeFind". i.e.: <dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1, REQUEST=REQUEST)"> This allows ZopeFind to use AUTHENTICATED_USER for validation of the "objectValue" access. The code will then work at least for the manager. Hopefully (not tested) a manager proxy role will make it work for arbitrary users, too. I will investigate further, why "this().objectValues__roles__" returns "('Manager',)" rather than "('Anonymous','Manager')". However, this can take quite some time because I am currently a bit stressed. Dieter
Dieter Maurer writes:
Jerome Alet writes:
Thanks to you, the syntax you gave me is accepted by the dtml parser, but both
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='''not objectValues(['Folder'])''', search_sub=1)">
and
<dtml-in "ZopeFind(this(), obj_metatypes=['Folder'], obj_expr='not objectValues([\'Folder\'])', search_sub=1)">
have given me an empty list. I analysed this strange behavior in Zope 2.1.6 and have a partial explanation.
Although the permission setting for "objectValues" is "Access contents information" which by default is granted to "Anonymous" and "Manager", only "Manager" is allowed to access "objectValues" in the context of the above "ZopeFind".
I could not yet determine, why this is the case.
But taken this fact for granted, the behavior becomes clear: the access to "objectValues" results in an "Unauthorized" exception. This is catched but prevents any object from being added to the result list.
By now, I know why we get this strange "objectValues__roles__" result inside ZopeFind. In "FindSupport:145", "ZopeFind" strips away the acquisition context of an object. base=obj if hasattr(obj, 'aq_base'): base=obj.aq_base if not hasattr(base, 'objectItems'): return result try: items=base.objectItems() except: return result This, too, removes the information needed for "acl_user" based authorization: In the traversal of the aquisition chain to determine the roles associated with "objectValues", the application object on top of the acquisition hierarchy is not longer reached. Therefore, "ApplicationDefaultPermissions" is not used and "PermissionRole" falls back to its own default "('Manager',)". This acquisition context stripping is almost surely responsible for other problems reported for ZopeFind, too. The behaviour would disappear, if the line try: items=base.objectItems() is replaced by try: items=obj.objectItems() Note: "ZopeFindAndApply" would need the same patch. I am not sure, however, whether this will have adverse effects at other places. I will put a reference to this report into the Collector. Dieter
On Wed, 26 Jul 2000, Dieter Maurer wrote:
I analysed this strange behavior in Zope 2.1.6 and have a partial explanation.
Hi, thank you very much for your time, your explanations and your workaround. I'll test this ASAP and tell you the result. thanks again. bye, Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
participants (2)
-
Dieter Maurer -
Jerome Alet