RE: [Zope] Show Viewable folders
That returns all the folders, including the one I'm not authorized to view. -mjm -----Original Message----- From: Phil Harris [mailto:phil.harris@zope.co.uk] Sent: Wednesday, August 01, 2001 4:50 PM To: Montagne, Michael; zope@zope.org Subject: Re: [Zope] Show Viewable folders How about: <dtml-in expr="PARENTS[0].objectValues('Folder')" skip_unauthorized=1> ?? ----- Original Message ----- From: "Montagne, Michael" <montagne@BOORA.com> To: <zope@zope.org> Sent: Thursday, August 02, 2001 12:35 AM Subject: [Zope] Show Viewable folders
I'm trying to display only the folders that a User has viewing rights to. The following code snippets are my two different attempts that both seem flawed. I created a user and a role. Only when that user is assigned the Manager role at the root level will the ifs test true. I'm deselecting Acquire permission settings and checking view for the role. I know this
is
working because I can view the folder. I tested this by unchecking View and relying on Acquisition. When I did this, I could not view the folder, just as it should be. So it seems something in these code snippets is screwy. What could it be?
<dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if "AUTHENTICATED_USER.has_permission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in>
<dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if expr="_.SecurityCheckPermission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in>
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
You sure? If so then I'd say it was a bug in Zope. ----- Original Message ----- From: "Montagne, Michael" <montagne@BOORA.com> To: "'Phil Harris'" <phil.harris@zope.co.uk>; <zope@zope.org> Sent: Thursday, August 02, 2001 1:11 AM Subject: RE: [Zope] Show Viewable folders
That returns all the folders, including the one I'm not authorized to view.
-mjm
-----Original Message----- From: Phil Harris [mailto:phil.harris@zope.co.uk] Sent: Wednesday, August 01, 2001 4:50 PM To: Montagne, Michael; zope@zope.org Subject: Re: [Zope] Show Viewable folders
How about:
<dtml-in expr="PARENTS[0].objectValues('Folder')" skip_unauthorized=1>
??
----- Original Message ----- From: "Montagne, Michael" <montagne@BOORA.com> To: <zope@zope.org> Sent: Thursday, August 02, 2001 12:35 AM Subject: [Zope] Show Viewable folders
I'm trying to display only the folders that a User has viewing rights
to.
The following code snippets are my two different attempts that both seem flawed. I created a user and a role. Only when that user is assigned the Manager role at the root level will the ifs test true. I'm deselecting Acquire permission settings and checking view for the role. I know this is working because I can view the folder. I tested this by unchecking View and relying on Acquisition. When I did this, I could not view the folder, just as it should be. So it seems something in these code snippets is screwy. What could it be?
<dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if "AUTHENTICATED_USER.has_permission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in>
<dtml-in expr="PARENTS[0].objectValues('Folder')"> <dtml-if expr="_.SecurityCheckPermission('View','<dtml-sequence-item>')"> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a> <dtml-else> Nope<br> </dtml-if> </dtml-in>
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
That returns all the folders, including the one I'm not authorized to view.
I'd say that's a symptom of a permissions or authentication problem. A dtml-in trying to use unauthorized objects will explode, unless you skip them with the skip_unauthorized. There's a bug in (at least) 2.3.3 that screws up the sequence-first/index/last stuff, but I don't think that's relevant right now. But it doesn't let you view unauthorized objects. Either you are authenticated as someone you don't think you are, or your permissions aren't doing what you think they should. --jcc (credentials)
participants (3)
-
J. Cameron Cooper -
Montagne, Michael -
Phil Harris