[Zope] Zope authentication wrt DTML calling DTML in expr ?

Martijn Pieters mj@antraciet.nl
Mon, 30 Aug 1999 17:03:49 +0200


At 16:09 30/08/99 , Boris Borcic wrote:
>What's the story on passing authentication to DTML methods
>called from other DTML methods with an expr tag attribute ?
>
>I am trying to write a utility DTML method, that will fill
>a SELECT control, with OPTIONS derived from the ids of
>a list of objects obtained from "objectValues" over a folder,
>(in the caller DTML) and passed to the called DTML with a
>keyword argument.
>
>But in the called DTML method, it appears that those objects
>are unauthorized... and Zope asks the user to reauthenticate
>for each object in the list, and finally delivers "unauthorized",
>even though the very same objects are available directly, with
>the same authentication.
>
>Why is this and what should I (not) do ? I would like to be
>able to modularize my DTML code, but I need a correct understanding
>of what can or can't easily be delegated to other methods. This
>should be simple to do, and I am horrified to recognize the type
>of frustration I had with the primitive BASICs of 20 years ago.

You need to pass in REQUEST as well, for the authentication information:

   makeOptionsList(REQUEST=REQUEST, list=list)

--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-7502100 Fax: +31-35-7502111
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------