What is the TAL equivelant to: <dtml-if " _.SecurityCheckPermissio n('Delete objects',this ())"> Nathan -- NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments, hyperlinks, or any other files of any kind is strictly prohibited. If you have received this message in error, please notify the sender immediately by telephone (865-218-2000) or by a reply to this electronic mail message and delete this message and all copies and backups thereof.
On Fri, Jul 26, 2002 at 12:49:03PM -0400, NathanDunn@ctimi.com wrote:
What is the TAL equivelant to:
<dtml-if " _.SecurityCheckPermissio n('Delete objects',this ())">
The problem here is that Page Templates don't have access to the DTML namespace (the _ variable), and I haven't found any other way to access SecurityCheckPermissions. It lives in lib/python/AccessControl/DTML.py and you get an authorization error if you try to get it via the modules namespace in ZPT. However, if what you're really trying to do is solve the problem you posted earler about hiding inaccessible folders in a listing, I think what you really want is this: http://www.zope.org/Members/peterbe/DTML2ZPT/#example17 I haven't seen any documentation of what the skip parameter is, and I haven't had a chance to look through the source code to see what it does. p.s. Looks like I'll be seeing you very soon, Nathan! I'll be calling Scott shortly to check in, and ask a few questions... --Paul Winkler
Paul Winkler writes:
... The problem here is that Page Templates don't have access to the DTML namespace (the _ variable), and I haven't found any other way to access SecurityCheckPermissions. It lives in lib/python/AccessControl/DTML.py and you get an authorization error if you try to get it via the modules namespace in ZPT. I do not understand why the security API is different for DTML and other parts of Zope (bad design!). Outside of DTML, you use the "SecurityManager" API:
tal:define="SecurityManager modules/AccessControl/getSecurityManager" "SecurityManager.getUser()" "SecurityManager.checkPermission(...)" .... Dieter
On Fri, Jul 26, 2002 at 03:17:05PM -0400, Paul Winkler wrote:
On Fri, Jul 26, 2002 at 12:49:03PM -0400, NathanDunn@ctimi.com wrote:
What is the TAL equivelant to:
<dtml-if " _.SecurityCheckPermissio n('Delete objects',this ())">
(snip)
I think what you really want is this: http://www.zope.org/Members/peterbe/DTML2ZPT/#example17
I haven't seen any documentation of what the skip parameter is, and I haven't had a chance to look through the source code to see what it does.
OK, now I have. The poorly-named "skip" parameter is a string representing the permission required in order for the item to NOT be skipped. So the following two approaches produce output that looks the same: <p> list filtered with SecurityManager follows... </p> <ul tal:define="sm modules/AccessControl/getSecurityManager; objs python:here.objectValues()"> <span tal:repeat="ob objs"> <li tal:condition="python:sm.checkPermission('Delete objects', ob)" tal:content="ob/title_or_id"> item name goes here </li> </span> </ul> <p> list filtered with LazyFilter follows...</p> <ul tal:define="ztu modules/ZTUtils; all_objs python:here.objectValues(); authobjs python:ztu.LazyFilter(all_objs, skip='Delete objects')"> <li tal:repeat="ob authobjs" tal:content="ob/title_or_id"> item name goes here </li> </ul> I think the second variant is cleaner. The <span> tag or a similar workaround is required in the first variant, because apparently putting the tal:repeat and tal:condition in the same tag causes a NameError on ob. -- Paul Winkler home: http://www.slinkp.com "Muppet Labs, where the future is made - today!"
NathanDunn@ctimi.com writes:
What is the TAL equivelant to:
<dtml-if " _.SecurityCheckPermissio n('Delete objects',this ())"> Something like (you need to look up the correct names):
<div tal:define="SecurityManager modules/AccessControl/getSecurityManager" tal:condition="python: SecurityManager.checkPermission(...)"> ... </div> Dieter
participants (3)
-
Dieter Maurer -
NathanDunn@ctimi.com -
Paul Winkler