[Zope] Access-trouble

Sture Lygren sture@rocketrange.no
Thu, 23 Sep 1999 20:43:28 +0200


This is a multi-part message in MIME format.

------=_NextPart_000_0062_01BF0604.4C0DEC80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi!

I was sitting here making some test methods to display folders and file =
in a folder. Simplyfied:

<dtml-in "objectValues(['Folder','File'])">
<dtml-var title_or_id>
</dtml-in>

That works like it shoul do, but ....

Previously I added a local role with permission to 'access content' and =
'view' to the site. I fired up=20
my netscape and logged in as the user with the local role. Then I =
noticed something strange? - I=20
could access and view all but the newly made 'list folders and files' =
method. I went back, logged in=20
as manager and checked the permissions on the method and on the =
containing folder, but there is
nothing wrong with it (as far as I can tell at least).

Could someone be so kind to tell me what happens here? Am I plain stupid =
or ...?

Another question while I'm on (can't test it until I get the above =
right):

Will the code below only show the folders in a containing folder wich =
the current user owns (this is what I want),=20
or do I need some other code to let this magic happen (please show me)?=20

<dtml-in "objectValues(['Folder'])">
<dtml-if "AUTHENTICATED_USER.has_role('Owner','Folder')">
<dtml-var title_or_id>
</dtml-if>
</dtml-in>=20

Thanks in advance

Sture Lygren

------=_NextPart_000_0062_01BF0604.4C0DEC80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.71.2016.0"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>Hi!</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>I was sitting here =
making some test=20
methods to display folders and file in a folder. Simplyfied</FONT><FONT=20
color=3D#000000 face=3DArial size=3D2>:</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>&lt;dtml-in=20
&quot;objectValues(['Folder','File'])&quot;&gt;</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>&lt;dtml-var=20
title_or_id&gt;</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial =
size=3D2>&lt;/dtml-in&gt;</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>That works like it shoul do, but =
....</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Previously I added a local role with =
permission to=20
'access content' and 'view' to the site. I fired up&nbsp;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>my netscape and logged in as the user =
with the=20
local role. Then I noticed something strange? - I </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>could access and view all but the newly =
made 'list=20
folders and files' method. I went back, logged in </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>as manager and checked the permissions =
on the=20
method and on the containing folder, but there is</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>nothing wrong with it (as far as I can =
tell at=20
least).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Could someone be so kind to tell me =
what happens=20
here? Am I plain stupid or ...?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Another question while I'm on (can't =
test it until=20
I get the above right):</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Will the code below only show the =
folders in a=20
containing folder wich the current user owns (this is what I want),=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>or do I need </FONT><FONT face=3DArial =
size=3D2>some=20
other code to let this magic happen (please show me)?&nbsp;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>&lt;dtml-in=20
&quot;objectValues(['Folder'])&quot;&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&lt;dtml-if=20
&quot;AUTHENTICATED_USER.has_role('Owner','Folder')&quot;&gt;</FONT></DIV=
>
<DIV><FONT face=3DArial size=3D2>&lt;dtml-var =
title_or_id&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&lt;/dtml-if&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&lt;/dtml-in&gt;&nbsp;</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>Thanks in =
advance</FONT></DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>Sture=20
Lygren</FONT></DIV></BODY></HTML>

------=_NextPart_000_0062_01BF0604.4C0DEC80--