[Zope] RE: What method do I use to check access?

Howard Clinton Shaw III shawh@sths.org
Wed, 26 May 1999 07:40:38 -0500


On Wed, 26 May 1999, Bill Anderson wrote:
> > I've looked at rolesOfPermission etc and they don't seem to give what I want
> > in that they
> > don't recursivly check parent permissions if permissions are aquired. What I
> > really want is an easy way conditionally include something based on weather
> > the user can view it (or maybe another permission). I don't want to have to
> > hard code the roles as this is duplicating code.
> > What I want is
> > <!--#if "AUTHENTICATED_USER.hasPermission(SomeObject, 'View')"-->
> >  <a href="<!--#var "SomeObject.absolute_url()"-->">Goto SomeObject</a>
> > <!--#/if-->
> > 
> > The link will only appear if the user can actually go to it. This must be
> > possible as somewhere in the code this validation must happen already. I've
> > tried looking but really need some help.
> 
> I don't normally do this, but: Me Too :-)
> 
> Seriously, if there is a simple way to do it (preferably like the
> above), I am all ears(eyes)!

You might have to use an ExternalMethod to access it, but try 

for i in AUTHENTICATED_USER.getRoles():
	if i in SomeObject._View_Permission.getRoles():
		return 1
return 0

I think the _ in front of _View_Permissions will force you to use an external method, but once
you write the method, you could call it like
<!--#if "hasViewPermission(SomeObject, REQUEST)"-->
 <a href="<!--#var SomeObject.absolute_url()"-->">Goto SomeObject</a>
<!--#/if-->

I haven't tested this, and I don't know for sure that the _View_Permission.getRoles() will work...
Good luck. 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (For developer-specific issues, use the companion list,
> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
--
Howard Clinton Shaw III - Grum
St. Thomas High School
#include "disclaimer.h"