[Zope] manage_users - Error in acl_users

Martijn Pieters mj@atmm.nl
Thu, 18 Feb 1999 18:49:15 +0100


At 13:56 18/02/99 , you wrote:
>Hi,
>
>I have a DTML page that adds users to a folder, (trying to) give them only 
>a specific, limited role. The code in question looks like this. I know it is 
>overkill, but it is more clear this way. (inId passes the folder to give 
>access to):
>
><!--#call "REQUEST.set('name', name)"-->
><!--#call "REQUEST.set('password', password)"-->
><!--#call "REQUEST.set('confirm', confirm)"-->
><!--#call "REQUEST.set('roles', 'Student')"-->
><!--#call "REQUEST.set('domains', '')"-->
><!--#call "_.getitem(_['inID']).acl_users.manage_users(submit='Add',
>REQUEST=REQUEST)"-->
>

Domains and Roles are both lists, so do this:

<!--#call "REQUEST.set('name', name)"-->
<!--#call "REQUEST.set('password', password)"-->
<!--#call "REQUEST.set('confirm', confirm)"-->
<!--#call "REQUEST.set('roles', ['Student'])"-->
<!--#call "REQUEST.set('domains', [])"-->
<!--#call
"_.getitem(_['inID']).acl_users.manage_users(submit='Add',REQUEST=REQUEST)"-->

and you're home free. The hint is the source for manage_users: domains is
listed as domains:tokens, and roles as roles:list. This means Zope will parse
the incoming CGI data expecting a token string for domains and a list for
roles, and will put a nice list for both into the REQUEST object. manage_users
doesn't check wether this is actually the case, and just accepts your strings,
which later on give you errors.


--
M.J. Pieters, Web Developer
| ATMM http://www.atmm.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@atmm.nl http://www.atmm.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------