permissions check without triggering login
Hi there,

I'd like to make a DTML method that produces a list of all subfolders that the user has permission to see; i.e. if Anonymous isn't allowed to 'View' a certain folder I don't want that folder to show up in the list.

This howto seemed perfect for my purposes:

http://www.zope.org/Documentation/How-To/DetectRoles

However, when I actually applied it I ran into a problem I can't seem to get around. I have a folder called 'test1' which has 'Access contents information' and 'View' permission turned off for Anonymous. Now, I have the following dtml_method (in the parent folder of test1):

    <dtml-if "AUTHENTICATED_USER.has_permission('View', test1)">
      <p>Can be viewed!</p>
    <dtml-else>
      <p>Can't be viewed!</p>
    </dtml-if>

Unfortunately, when I try this with an anonymous user, this displays the login dialog when executed. I just want to see 'Can't be viewed!'. Is this possible, and if so, how?

Regards,

Martijn
Hi Martijn,

Could you set the 'proxy' for that method to have a role that can check with impunity?

-steve

Martijn wrote:
----------------------------------------------------------------------
Hi there,

I'd like to make a DTML method that produces a list of all subfolders that the user has permission to see; i.e. if Anonymous isn't allowed to 'View' a certain folder I don't want that folder to show up in the list.

This howto seemed perfect for my purposes:

http://www.zope.org/Documentation/How-To/DetectRoles

However, when I actually applied it I ran into a problem I can't seem to get around. I have a folder called 'test1' which has 'Access contents information' and 'View' permission turned off for Anonymous. Now, I have the following dtml_method (in the parent folder of test1):

    <dtml-if "AUTHENTICATED_USER.has_permission('View', test1)">
      <p>Can be viewed!</p>
    <dtml-else>
      <p>Can't be viewed!</p>
    </dtml-if>

Unfortunately, when I try this with an anonymous user, this displays the login dialog when executed. I just want to see 'Can't be viewed!'. Is this possible, and if so, how?

Regards,

Martijn
Steve Spicklemire wrote:
Could you set the 'proxy' for that method to have a role that can check with impunity?
Interestingly, this works. You'd think that if I set the proxy to manager it wouldn't work as I'd wanted, because this proxy role now has permissions equal to that of manager, so I still couldn't check if Anonymous can view. But apparently this isn't the case, and it does work.. Could somebody explain this behavior?

Regards,

Martijn
Martijn Faassen wrote:

[snip my question]

Apparently this is triggered by turning off 'Access Contents Information'. If I do allow this it works as expected.

Regards,

Martijn
participants (2)
- Martijn Faassen
- Steve Spicklemire
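
A simplified Python model of the behaviour reported in this thread, added as an example; it is not Zope's own code and was not posted by either participant. It assumes that looking up test1 by name is checked against 'Access contents information' using the method's proxy roles when they are set, while has_permission consults only the user's own roles. All class and function names are hypothetical.

```python
# Simplified model, constructed for illustration; not Zope source code.
class Unauthorized(Exception):
    """Stands in for the error that ends up as the login dialog."""

class Folder:
    def __init__(self, name, permissions):
        self.name = name
        # permission name -> set of roles holding it (constructed sample data)
        self.permissions = permissions

    def roles_for(self, permission):
        return self.permissions.get(permission, set())

class User:
    def __init__(self, roles):
        self.roles = set(roles)

    def has_permission(self, permission, obj):
        # Only the user's own roles count here; proxy roles play no part.
        return bool(self.roles & obj.roles_for(permission))

def guarded_lookup(obj, user, proxy_roles=None):
    """Step 1 (assumed): the executing method must be allowed to reach obj."""
    effective = set(proxy_roles) if proxy_roles else user.roles
    if not effective & obj.roles_for('Access contents information'):
        raise Unauthorized(obj.name)
    return obj

def render(obj, user, proxy_roles=None):
    """Step 2: mirrors the dtml-if from the thread."""
    target = guarded_lookup(obj, user, proxy_roles)
    if user.has_permission('View', target):
        return 'Can be viewed!'
    return "Can't be viewed!"

def outcome(obj, user, proxy_roles=None):
    try:
        return render(obj, user, proxy_roles)
    except Unauthorized:
        return 'login dialog'

anonymous = User(['Anonymous'])
# test1 as described in the thread: both permissions off for Anonymous.
test1 = Folder('test1', {'Access contents information': {'Manager'},
                         'View': {'Manager'}})
# Variant from the last message: 'Access contents information' allowed again.
test1_aci_on = Folder('test1', {
    'Access contents information': {'Anonymous', 'Manager'},
    'View': {'Manager'}})
```

In this model the proxy role only changes who is allowed to reach test1; the answer to "can this user view it?" still comes from the user's own roles, which matches what the thread reports.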