[Zope] New zope feature?

Kent Polk kent@goathill.org
16 Jul 1999 03:36:01 GMT


On 15 Jul 1999 12:50:01 -0500, Amos Latteier wrote:
>At 06:00 PM 7/15/99 +0200, Anders Qvist wrote:
>>(Haven't researched this one, so it might have been suggested already.)
>>
>>What about an DTML directive
>>
>><!--#role somerole--><!--#/role-->
>>
>>which would be a specialized if clause, which includes its content only if
>>the current caller has the specified role?
>
>You can already do this like so:
>
><!--#if "AUTHENTICATED_USER.has_role('somerole')"-->
>...
><!--#/if-->
>
>You can also test for permissions on objects like so:
>
><!--#if "AUTTHENTICATED_USER.has_permission('View',someObject)"-->
>...
><!--#/if-->

With browsers which only provide authentication info when it is
requested, you also will need to convince the client that it needs
to authenticate for the above to work. One easy way to do both of
the above items is to include authentication objects in the url
which (can) also control authentication. Netscape and I.E. continue
to provide authentication info for all requests once it has been
established, but don't count on all browsers doing so.