[Zope] New zope feature?
Brian Lloyd
Brian@digicool.com
Thu, 15 Jul 1999 14:45:00 -0400
> >What about an DTML directive
> >
> ><!--#role somerole--><!--#/role-->
> >
> >which would be a specialized if clause, which includes its
> content only if
> >the current caller has the specified role?
>
> You can already do this like so:
>
> <!--#if "AUTHENTICATED_USER.has_role('somerole')"-->
> ...
> <!--#/if-->
>
> You can also test for permissions on objects like so:
>
> <!--#if "AUTTHENTICATED_USER.has_permission('View',someObject)"-->
> ...
> <!--#/if-->
>
> Good luck.
>
> -Amos
I just wanted to chime in here to note that, as of Zope 2,
users can also have 'local roles', which are extra roles
that the user is given in the context of a certain object.
This means that a user may effectively have different roles
at different points in the object hierarchy. This is important
in terms of the example above, because if you just do:
<!--#if "AUTHENTICATED_USER.has_role('somerole')"-->
...
<!--#/if-->
...you'll get only the roles actually given to that user in
the User Folder. To get the 'real roles' that the user has
in the context of a given object (which takes into account
local roles given in that object and in other object higher
up in the hierarchy), you need to also pass in an object
for context:
<!--#if "AUTHENTICATED_USER.has_role('somerole', this())"-->
...
<!--#/if-->
The above basically says "tell me what roles the user has in
the context of _this_ object". Amos, this should probably go
into the local roles documentation, if it's not there already...
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com