Re: [Zope] Getting the requested object's properties (CMF/LoginManager)
Sreeram Ramachandran <gro.mareers@sreeram.org> wrote:
System: Zope 2.3.2b2, CMF 1.0, LoginManager 0.8.8b1, Zope/Python Newbie :)
I wish to customize the following code in standard_html_header (from the de= fault CMF skins):
<dtml-if "_.hasattr(this(),'isEffective') and not isEffective( ZopeTime()= )"> <dtml-unless "portal_membership.checkPermission('Request review',this()) or portal_membership.checkPermission('Review portal content',this())"> <dtml-var "RESPONSE.unauthorized()"> </dtml-unless> </dtml-if>
Instead of an HTTP-AUTH dialog (as it now stands), I would like to put out = a LoginManager-style "forbiddenPage". The following will not work, because = the "something follows here" (plus the standard_html_footer) section will s= till get output:
standard_html_header: if ...: // same check as above <dtml-var forbiddenPage> else: ... // normal stuff
some_page: <dtml-var standard_html_header> ... something follows here ... <dtml-var standard_html_footer>
So, what I need to do is to move the "isEffective" check into the LoginMana= ger or somewhere else upstream in the authentication process. Hopefully, th= e same place where LoginManager checks to see if it should call "forbiddenP= age" based on the user's roles versus object's required roles.
Any suggestions on how to code it?
How about:: <dtml-return forbiddenPage> Tres. -- =============================================================== Tres Seaver tseaver@digicool.com Digital Creations "Zope Dealers" http://www.zope.org
On Sat, May 19, 2001 at 12:50:50PM -0400, Tres Seaver wrote:
Sreeram Ramachandran <gro.mareers@sreeram.org> wrote:
Instead of an HTTP-AUTH dialog (as it now stands), I would like to put out a LoginManager-style "forbiddenPage". The following will not work, because the "something follows here" (plus the standard_html_footer) section will still get output:
standard_html_header: if ...: // same check as above <dtml-var forbiddenPage> else: ... // normal stuff
some_page: <dtml-var standard_html_header> ... something follows here ... <dtml-var standard_html_footer>
How about::
<dtml-return forbiddenPage>
Tres. -- =============================================================== Tres Seaver tseaver@digicool.com Digital Creations "Zope Dealers" http://www.zope.org
That won't work, because, although standard_html_header will return, some_page will continue and output the extra stuff ("something follows here" + footer). But, I found a way out! I now use "<dtml-raise>". In fact, using the same strategy, I am able to fix other minor irritations, such as: - pesky browsers (such as IE) showing their "friendly" error pages instead of your nicely-crafted HTML (for stuff like "LoginRequired"/"Forbidden") - the W3C HTML validator <http://validator.w3.org/> refusing to process any page unless the return code is 200. - trying to arbitrarily stop further DTML processing (and not just within the current document/method). I think the solution is pretty neat. It fixes all the above, is neat (i.e., without touching the Zope Python code at all) and is concentrated in a couple of places (such as standard_error_message, loginForm and standard_html_header) so that the rest of your site won't have to worry about it. I'll be happy to explain the details if anyone is interested or faces similar problems. Cheers! Sreeram. -- ---------------------------------- Observation is the essence of art. ----------------------------------
participants (2)
-
Sreeram Ramachandran -
Tres Seaver