[Zope] Newbie help - method needs auth > anonymous. WHY?

Casey Duncan casey.duncan@state.co.us
Thu, 9 Nov 2000 13:35:43 -0700


John Wrote:
[snip]
> I am trying to use this method called objectList:
>
> <ul>
>   <dtml-in objectValues>
>     <li><dtml-var id></li>
>   </dtml-in>
> </ul>
>
> I've put it in the standard_html_header.
[snip]
> When I try looking at the root page (http://john:8080) I have to provide
authentication before the page will display.

What your method is doing, is stepping through every object at the root of
your Zope server. Not every object there is accessible by anonymous. Even in
a fresh Zope installation, Control_Panel is restricted to managers, so that
is the likely culprit.

To get around this problem, there is an argument for dtml-in called
"skip_unauthorized" which will automatically skip over any objects that the
current user is not authorized to access.

Changing your dtml-in statement to:
<dtml-in objectValues skip_unauthorized>

Will prevent this error. However, you will get every little object in your
root directory. So, standard_html_header, index_html, standard_html_footer,
etc. will appear. If you want to exclude these, specify just the meta types
you want to objectValues. For instance, to show only folders try this:

<dtml-in expr="objectValues(['Folder'])" skip_unauthorized>

To show folders and DTML documents, try this:

<dtml-in expr="objectValues(['Folder','DTML Document'])" skip_unauthorized>
etc., etc.

hth,
Casey D.