Zope authentication wrt DTML calling DTML in expr ?
What's the story on passing authentication to DTML methods called from other DTML methods with an expr tag attribute ? I am trying to write a utility DTML method, that will fill a SELECT control, with OPTIONS derived from the ids of a list of objects obtained from "objectValues" over a folder, (in the caller DTML) and passed to the called DTML with a keyword argument. But in the called DTML method, it appears that those objects are unauthorized... and Zope asks the user to reauthenticate for each object in the list, and finally delivers "unauthorized", even though the very same objects are available directly, with the same authentication. Why is this and what should I (not) do ? I would like to be able to modularize my DTML code, but I need a correct understanding of what can or can't easily be delegated to other methods. This should be simple to do, and I am horrified to recognize the type of frustration I had with the primitive BASICs of 20 years ago. BB
At 16:09 30/08/99 , Boris Borcic wrote:
What's the story on passing authentication to DTML methods called from other DTML methods with an expr tag attribute ?
I am trying to write a utility DTML method, that will fill a SELECT control, with OPTIONS derived from the ids of a list of objects obtained from "objectValues" over a folder, (in the caller DTML) and passed to the called DTML with a keyword argument.
But in the called DTML method, it appears that those objects are unauthorized... and Zope asks the user to reauthenticate for each object in the list, and finally delivers "unauthorized", even though the very same objects are available directly, with the same authentication.
Why is this and what should I (not) do ? I would like to be able to modularize my DTML code, but I need a correct understanding of what can or can't easily be delegated to other methods. This should be simple to do, and I am horrified to recognize the type of frustration I had with the primitive BASICs of 20 years ago.
You need to pass in REQUEST as well, for the authentication information: makeOptionsList(REQUEST=REQUEST, list=list) -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------
participants (2)
-
Boris Borcic -
Martijn Pieters