[Zope-CMF] Get list of published items that user has access to

davelehman@loewen.com davelehman@loewen.com
Mon, 22 Oct 2001 15:35:03 -0500


Crap-- that sounds a heck of a lot easier than what I was trying to do, now
doesn't it?

<dtml-in "portal_catalog.searchResults( meta_type='Document'
  , sort_on='Date'
  , sort_order='reverse'
  , review_state='published'
)" size="10">

Um, is there any way to restrict the catalog search to a specific folder?
That is, for this particular news summary, I would like to grab only the
qualifying documents (ie published) from a certain folder.

Regards,
Dave


On 10/22/2001 01:36:26 PM marc lindahlwrote:

>Hmm.... I think a catalog search will work... because, isn't that what
>news_box does?
>
>> From: davelehman@loewen.com
>> Date: Mon, 22 Oct 2001 12:29:29 -0500
>> To: zope-cmf@zope.org
>> Subject: [Zope-CMF] Get list of published items that user has access to
>>
>> Well, i'm sorry to ask this because i'm sure it's a FAQ, but I just
haven't
>> been able to put all the pieces of the puzzle together. I've spent the
>> weekend banging my head against the wall and need a little relief...
>>
>> (I'm running CMF1.1 under Zope2.4. My "member" role has "access portal
>> content" and "view" access, but *not* "access future")
>>
>> I want to display a summary of news items. Basically, I want to get a
list
>> of documents from a specified news folder that are both published, and
that
>> the current website visitor has access to. It seems this is easier said
>> that done...
>>
>> Previously, I had tried:
>>
>> <dtml-in expr="objectValues( [ 'Document' ] )" skip_unauthorized>
>> <dtml-var Title><br>
>> <dtml-var Description><br>
>> </dtml-in>
>>
>> This pops up an authentication dialog if you are not logged in. And it
>> displays *all* items-- both published and private.
>>
>>> From reading the list, I got the impression that this *may* have worked
in
>> Zope2.3 but now doesn't (not sure if this was broken by accident, or on
>> purpose). The "recommended" way now seems to be to use ZopeFind
(although
>> no one seems willing to offer an example except to say "Go look in the
Zope
>> Quick Reference!"). So I tried this:
>>
>> <dtml-in expr="ZopeFind(this(),meta_type==['Document'],search_sub=1)"
>> skip_unauthorized>
>> <dtml-var Title><br>
>> <dtml-var Description><br>
>> </dtml-in>
>>
>> but it also displays all items, published and private. Well, I guess
that
>> means it must be "skip_unauthorized" that is broken. So I tried manually
>> filtering out the non-published items from a recipe on ZopeLabs:
>>
>> import string
>> news = []
>> for id, obj in context.ZopeFind( context, obj_metatypes=['Document'], ):
>> if hasattr(obj, 'published') and obj.published:
>> news.append( '<a href="' + obj.absolute_url() + '"><i>' + obj.Title() +
>> '</i></a><br>' + obj.Description() + '<br>' )
>> return news
>>
>> but this returns nothing at all, not even the items that are published.
So
>> that must not be what determines is a doc is "published" in the CMF.
>>
>> It seems like it should be possible to use ZopeFind to search for just
>> items that the user has access to, using "obj_roles" and
"obj_permissions"
>> but from the scant detail in the ZQR, i have no idea how to do this.
>>
>> All I want is a way to show a visitor (anonymous, member or manager) a
list
>> of the news items that they should see. Anonymous and Member should both
>> see a list of published docs only. Manager should see all-- both
published
>> and private.
>>
>> And I suppose it would be self-defeating to heap more on this issue, but
is
>> it also possible to work the CMF "effective_date" into this, so that
>> anonymous and members only see stuff that is published and has an
effective
>> date less that or equal to today?
>>
>> I really want to make this work-- Zope just seems *so* hard sometimes...
>>
>> Regards,
>> Dave
>>
>>
>>
>> _______________________________________________
>> Zope-CMF maillist  -  Zope-CMF@zope.org
>> http://lists.zope.org/mailman/listinfo/zope-cmf
>>
>> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature
>> requests
>