=?iso-8859-1?q?J=E9r=F4me=20Loisel?= writes:

I am somewhat unable to check whether or not the user has manager access to some object object. The following does not work as expected:

<dtml-if "AUTHENTICATED_USER.has_role('Manager', _.getitem('.news'))"> <P>Blah.</P> </dtml-if>

Instead of getting a true result if the user has manager acces to the .news item (a folder), I get a true result if the user has manager access to his context. I do not understand what "his context" means.

Nevertheless, I will make some remarks. Perhaps, they are of help: * "has_roles(roles,object)" will return "true", when the user globally has one of the roles in "roles" * it will return "true", when the user has one of the roles as a local role in an ancestor of "object" * There might be a bug in "AccessControl.User.User.getRolesInContext": the "__ac_local_roles__" are not looked up in the object itself but in its "aq_inner" (if it exists). I am not sure, however, whether this makes a difference, probably not.

Related question: How do I access AUTHENTICATED_USER from Python? AUTHENTICATED_USER is a REQUEST member.

Depending in what kind of Python you are, you could use something like: self.REQUEST.AUTHENTICATED_USER (External Method) or context.REQUEST.AUTHENTICATED_USER (Python Script) or REQUEST.AUTHENTICATED_USER (if REQUEST passed as parameter) Dieter