Hi all, I have a question about security and users in Zope. I'm trying to set up a system where a user sees the list of subfolders in a folder. The problem is that the user can only see those subfolders that he/she has access to. I've tried a number of different methods but none seem to work, specifically using AUTHENTICATED_USER.has_permission('View', MySubfolder) Let's say I have a folder called projects: projects/ (User 'Bill' role='View_Only') /project1 (User 'Bill' role='Manager') /project2 (User 'Bill' no role specified) Using the following dtml method I can get Bill's roles in each folder: <dtml-in "AUTHENTICATED_USER.getRoles()"> <dtml-var sequence-item> </dtml-in> So far so good, in the 'projects' folder I get:
View_Only Authenticated
And in the project1 folder I get
Manager Authenticated
Looks good, except that when I call my method from above FROM the projects folder Using the following code: <dtml-in expr="objectValues(['Folder'])"> <dtml-var title><br> <dtml-var roles> </dtml-in> I get the following input
project1 View_only Authenticated
project2 View_only Authenticated
The roles for project2 makes sense since Bill inherits his role there from the parent folder. What I don't understand is why Bill's role of 'Manager' is unrecognized in folder 'project1' Thanks in advance, Jon Bryant _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
participants (1)
-
Jonathan Bryant