[Zope] Zope authentication wrt DTML calling DTML in expr ?

Boris Borcic zorro@zipzap.ch
Mon, 30 Aug 1999 16:09:18 +0200


What's the story on passing authentication to DTML methods
called from other DTML methods with an expr tag attribute ?

I am trying to write a utility DTML method, that will fill
a SELECT control, with OPTIONS derived from the ids of
a list of objects obtained from "objectValues" over a folder,
(in the caller DTML) and passed to the called DTML with a
keyword argument.

But in the called DTML method, it appears that those objects
are unauthorized... and Zope asks the user to reauthenticate
for each object in the list, and finally delivers "unauthorized",
even though the very same objects are available directly, with
the same authentication.

Why is this and what should I (not) do ? I would like to be
able to modularize my DTML code, but I need a correct understanding
of what can or can't easily be delegated to other methods. This
should be simple to do, and I am horrified to recognize the type
of frustration I had with the primitive BASICs of 20 years ago.

BB