Re: [Zope] How to test for a user having a permission?
=?iso-8859-1?q?Hamish=20Lawson?= writes:
I know I can map methods to permissions and so have the Zope machinery take care of testing whether the user has permission to call a method, but say I want to decide whether to display an 'Edit' button on the page depending on whether the user has the appropriate permission for editing. How do I test for the user having this permission - is there some kind of hasPermission() method I can use? I could make an assumption about which roles have which permissions and call hasRole(), but that doesn't seem right to me* - I don't think my code should care about what roles the user has, only whether they have the required permission. Look in the embedded Online Help system -> API reference -> User
Dieter
I know I can map methods to permissions and so have the Zope machinery take care of testing whether the user has permission to call a method, but say I want to decide whether to display an 'Edit' button on the page depending on whether the user has the appropriate permission for editing. How do I test for the user having this permission - is there some kind of hasPermission() method I can use? I could make an assumption about which roles have which permissions and call hasRole(), but that doesn't seem right to me* - I don't think my code should care about what roles the user has, only whether they have the required permission.
With: <dtml-if expr="AUTHENTICATED_USER.has_permission('Edit','PARENTS[0]')"> <a href="<dtml-var absolute_url>/manage_main">Edit</a> </dtml-if> in a method called from a document, it works for me. HTH, -- Tim Cook, President - FreePM,Inc. http://www.FreePM.com Office: (901) 884-4126 ONLINE DEMO: http://www.freepm.org:8080/FreePM
Tim Cook wrote:
<dtml-if expr="AUTHENTICATED_USER.has_permission('Edit','PARENTS[0]')"> <a href="<dtml-var absolute_url>/manage_main">Edit</a> </dtml-if>
Thanks. Brian Lloyd also mentioned has_permission() in reply to my post on the (mis)use of hasRole(). Dieter Maurer wrote:
Look in the embedded Online Help system -> API reference -> User
I'd already had a look in the online help, but there's no section for User (at least in my Zope installation), and the section for AuthenticatedUser doesn't list has_permission() - perhaps it ought to. I will concede, though, that I could easily enough have done a grep through the Zope source for the likely candidates, "def hasPermission" or "def has_permission" <sheepish grin>. Hamish Lawson ____________________________________________________________ Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie
participants (3)
-
Dieter Maurer -
Hamish Lawson -
Tim Cook