Hi , I want to check for two roles in a page.I did like this <dtml-unless "_.SecurityGetUser().has_role('Faculty||staff')"> < <dtml-call expr="RESPONSE.redirect('../login_form')">> </dtml-unless Is this correct? Thanks for any help
schandra@csee.wvu.edu wrote:
I want to check for two roles in a page.I did like this
<dtml-unless "_.SecurityGetUser().has_role('Faculty||staff')"> < <dtml-call expr="RESPONSE.redirect('../login_form')">> </dtml-unless
Is this correct?
This is wrong for several different reasons. 1. The obvious one, your first line is checking for a role called "Faculty||staff", instead of checking for a role called "Faculty" or a role called "staff". 2. The not-so-obvious one is in the intent of this code. It looks like you're trying to manually do what Zope's security does for you. Take away the "View" permission for anyone not in these roles, and the CookieCrumbler will take care of sending the user to the login_form. This can be done on an entire directory so that you're not in charge of making sure this check is done at every restricted page. In other words, this block of code is likely not necessary. - David A. Riggs <riggs at csee dot wvu dot edu>
participants (2)
-
David A. Riggs -
schandraļ¼ csee.wvu.edu