Difference between getItem and restrictedTraverse
Hello, I build a frameset with a subnavigation -> <dtml-if "REQUEST.has_key('obj')"> <dtml-with "_.getitem(obj)"> show the content of the obj </dtml-with> </dtml-if> When a user Mr.Smith with a role VIP tries to log in, the subnavigation-frame is closed (though Mr.Smith can see the content frame with the same permissions) and Zope throws an exception: "Anonymous user is not allowed.The user would need to have the roles [Manager,VIP]." When I switch <dtml-with "_.getitem(obj)"> with <dtml-with "restrictedTraverse(obj,None)"> Zope accepts the VIP-Role and shows the frame. Hmmm.. I'm confused about the reasons for this behaviour and therefore about the differences between getItem and restrictedTraverse Thanks Sven
Sven Hohage writes:
When I switch <dtml-with "_.getitem(obj)"> with <dtml-with "restrictedTraverse(obj,None)"> Zope accepts the VIP-Role and shows the frame. I have seen this, too:
"restrictedTraverse" seems to be less strictly checking permissions the DTML access. This may be a bug, but I have been happy about this. It allowed me to access the property sheets of a ZClass (the class itself, not its instances). Dieter
participants (2)
-
Dieter Maurer -
Sven Hohage