[Zope-CMF] Bug in zpt_generic index_html ? doesn't skip unauthorized Folders etc...
Heimo Laukkanen
huima@fountainpark.org
Wed, 17 Apr 2002 04:52:38 +0300
Using CMF 1.3 beta and noticed that if I set in a subfolder security
in a way that Access content information is not on, the Folder is
still visible to the anonymous user in the index_html of the parent
directory.
If the user tries to access the directory, then he is forced to login...
In the idnex_html there is following code which apparently does not work.
<div tal:condition="not: has_local"
tal:define="auth_filter nocall: modules/ZTUtils/LazyFilter"
>
<div tal:define="raw_items python: here.contentValues(
filter={'Type':( 'Document'
, 'Image'
, 'File'
, 'News Item'
) } );
items python: auth_filter( raw_items, skip='' );
">
<div tal:condition="items">
....
Outside the CMF for example following code works:
<ul tal:define="ztu modules/ZTUtils;
raw python:here.objectValues('Folder');
objs python:ztu.LazyFilter(raw, skip='')">
<li tal:repeat="example objs">
<a href="example"
tal:attributes="href example/getId"
tal:content="example/title">Example Title</a>
</li>
</ul>
Any ideas?
-huima