Re: [Zope] inserting half a dtml tag into a zclass
Tim Hicks writes:
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01C07071.533E96C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable You are here long enough: you should know, we do not like MIME messages.
... isolating privacy checks ... <dtml-var privacy> <dtml-var standard_html_header> <dtml-var standard_html_footer> </dtml-if>
I know about 2 possible approaches: I. let your "privacy" method return a value (using "dtml-return") and check it above: <dtml-if privacy> ...header... ... ...footer... </dtml-if> II. I think (this implies, I am not sure), that ZPublisher translates exceptions into HTTP response codes. This would mean, you could try: In your "privacy" method: .... <dtml-call "RESPONSE.redirect(...)"> <dtml-raise type="Redirect"></dtml-raise> .... in your other objects: <dtml-call privacy> ...header... .... ...footer... Dieter
----- Original Message ----- From: Dieter Maurer <dieter@handshake.de> To: Tim Hicks <tim@sitefusion.co.uk> Cc: <zope@zope.org> Sent: Friday, December 29, 2000 9:38 AM Subject: Re: [Zope] inserting half a dtml tag into a zclass
Tim Hicks writes:
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01C07071.533E96C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable You are here long enough: you should know, we do not like MIME messages.
My apologies. You're right, I do know better... my mistake. Also, apologies for the delayed reply, I've been away.
... isolating privacy checks ... <dtml-var privacy> <dtml-var standard_html_header> <dtml-var standard_html_footer> </dtml-if>
I know about 2 possible approaches:
I. let your "privacy" method return a value (using "dtml-return") and check it above:
<dtml-if privacy> ...header... ... ...footer... </dtml-if>
I've gone for a 'method' based on this first idea of yours. Here is what appears in each zclass instance. <dtml-call privacy> <dtml-if "available == 1"> <dtml-call "RESPONSE.redirect(restricted+'/restricted.html')"> <dtml-else> <dtml-var standard_html_header> <dtml-var standard_html_footer> </dtml-if> And here is the privacy method. <dtml-call "REQUEST.set('available', 0)"> <dtml-if "propertyLabel(availability) == 'private'"> <dtml-call "REQUEST.set('available', 1)"> </dtml-if> <dtml-call "REQUEST.set('dom', _.string.split(REQUEST.REMOTE_ADDR, '.'))"> <dtml-if "dom[0] == '192'"> <dtml-if "dom[1] == '168'"> <dtml-call "REQUEST.set('available', 0)"> </dtml-if> </dtml-if> <dtml-in PARENTS> <dtml-let PARENT="_.getitem('sequence-item')"> <dtml-if "PARENT.hasProperty('dehs_site_root_folder')"><dtml-call "REQUEST.set('restricted', PARENT.absolute_url())"></dtml-if> </dtml-let> </dtml-in> It's not perfect (that would be when there is nothing for the user to break in each instance), but it's better than it was and also allows me to edit only one privacy method to change the access rights.
II. I think (this implies, I am not sure), that ZPublisher translates exceptions into HTTP response codes. This would mean, you could try:
In your "privacy" method: .... <dtml-call "RESPONSE.redirect(...)"> <dtml-raise type="Redirect"></dtml-raise> ....
in your other objects:
<dtml-call privacy> ...header... .... ...footer...
You've lost me a bit there. Where am I actually checking to see if the user has access rights? Cheers tim
Tim Hicks writes:
II. I think (this implies, I am not sure), that ZPublisher translates exceptions into HTTP response codes. This would mean, you could try:
In your "privacy" method: .... <dtml-call "RESPONSE.redirect(...)"> <dtml-raise type="Redirect"></dtml-raise> ....
in your other objects:
<dtml-call privacy> ...header... .... ...footer...
You've lost me a bit there. Where am I actually checking to see if the user has access rights? When I use "....", this means something you have provided or will fill in with application specific code.
Thus, in your privacy method: .... <!-- do your checks --> <!-- you come here, when they fail --> <dtml-call "RESPONSE.redirect(...)"> <dtml-raise type="Redirect"></dtml-raise> Dieter
participants (2)
-
Dieter Maurer -
Tim Hicks