I have a dtml-tree method: <dtml-let root="site"> <dtml-tree name=root branches_expr="filter_tree_nodes()" nowrap single skip_unauthorized> <dtml-var id> </dtml-tree> </dtml-let> where site is a folder in my zope install and a PyScript:: excl_list = ['acl_users','errors','layout','site_admin','sql_methods','util'] obs = context.objectValues() for ob in obs: if ob.getId() in excl_list: obs.remove(ob) return obs Now the strange part is that is 'site' were a LocalFS object this works fine.... but the moment 'site' is a folder in my Zope root, I get an Unauthorised (Cannot access objectValues in this context) error, even though I am logged in as manager. Why does this happen?? The traceback: Traceback (innermost last): File /var/local/zope/leonardo/lib/python/ZPublisher/Publish.py, line 150, in publish_module File /var/local/zope/leonardo/lib/python/ZPublisher/Publish.py, line 114, in publish File /var/local/zope/leonardo/lib/python/Zope/__init__.py, line 159, in zpublisher_exception_hook (Object: test) File /var/local/zope/leonardo/lib/python/ZPublisher/Publish.py, line 98, in publish File /var/local/zope/leonardo/lib/python/ZPublisher/mapply.py, line 88, in mapply (Object: test) File /var/local/zope/leonardo/lib/python/ZPublisher/Publish.py, line 39, in call_object (Object: test) File /var/local/zope/leonardo/lib/python/OFS/DTMLMethod.py, line 127, in __call__ (Object: test) File /var/local/zope/leonardo/lib/python/DocumentTemplate/DT_String.py, line 473, in __call__ (Object: test) File /var/local/zope/leonardo/lib/python/DocumentTemplate/DT_Let.py, line 76, in render (Object: root="nbs_online") File /var/local/zope/leonardo/lib/python/TreeDisplay/TreeTag.py, line 87, in render (Object: root) File /var/local/zope/leonardo/lib/python/TreeDisplay/TreeTag.py, line 197, in tpRender (Object: nbs_online) File /var/local/zope/leonardo/lib/python/TreeDisplay/TreeTag.py, line 451, in tpRenderTABLE (Object: nbs_online) (Info: (['AAAAAAAAH1s=', []], {'childless_decoration': '', 'id': 'tpId', 'branches_expr': <method Eval.eval of Eval instance at 0x8a0e4f4>, 'nowrap': 1, 'url': 'tpURL', 'name': 'root', 'skip_unauthorized': 1, 'single': 1}, (['AAAAAAAAH1s=', []],), (['AAAAAAAAH1s=', []],))) File /var/local/zope/leonardo/lib/python/TreeDisplay/TreeTag.py, line 253, in tpRenderTABLE (Object: session_data_mgr) File /var/local/zope/leonardo/lib/python/DocumentTemplate/DT_Util.py, line 159, in eval (Object: filter_tree_nodes()) (Info: filter_tree_nodes) File <string>, line 2, in f File /var/local/zope/leonardo/lib/python/Shared/DC/Scripts/Bindings.py, line 252, in __call__ (Object: filter_tree_nodes) File /var/local/zope/leonardo/lib/python/Shared/DC/Scripts/Bindings.py, line 283, in _bindAndExec (Object: filter_tree_nodes) File /var/local/zope/leonardo/lib/python/Products/PythonScripts/PythonScript.py, line 302, in _exec (Object: filter_tree_nodes) (Info: ({'script': <PythonScript instance at 8bced68>, 'context': <SessionDataManager instance at 8c22d40>, 'container': <Folder instance at 8b3f620>, 'traverse_subpath': []}, (), {}, None)) File Script (Python), line 3, in filter_tree_nodes File /var/local/zope/leonardo/lib/python/AccessControl/ZopeGuards.py, line 58, in guarded_getattr (Object: session_data_mgr) File /var/local/zope/leonardo/lib/python/AccessControl/ZopeGuards.py, line 40, in aq_validate (Object: session_data_mgr) File /var/local/zope/leonardo/lib/python/AccessControl/SecurityManager.py, line 83, in validate File /var/local/zope/leonardo/lib/python/AccessControl/ZopeSecurityPolicy.py, line 145, in validate Unauthorized: (see above) TIA AM -- ================================================================== Aseem Mohanty Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706 (R) 510 7696011 (M) 510 3014871 (O) 510 5279231 ================================================================== "I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes ==================================================================
I've used skip_unauthorized with objectValues in a DTML method to hide folders that a user is not authorized to see and that works great. But how do I pass that operator in a python script? objectValues only takes one argument, that is, object type. Anybody know? Thanks, Jacob
Jacob Behm wrote:
I've used skip_unauthorized with objectValues in a DTML method to hide folders that a user is not authorized to see and that works great. But how do I pass that operator in a python script? objectValues only takes one argument, that is, object type.
Anybody know?
Hi, Jacob Here'a a snippet of something I have used... from AccessControl import getSecurityManager sm = getSecurityManager() user = sm.getUser() thelist = context.objectValues() for item in thelist: if user.has_permission('View',item): #do something, they can view else: #do something else, they cannot view -- Jim Washington
participants (3)
-
AM -
Jacob Behm -
Jim Washington