[Zope] Sudden authentication problem
Dieter Maurer
dieter@handshake.de
Sun, 1 Apr 2001 20:46:00 +0200 (CEST)
Dunigan, Craig writes:
> > ....
> > I do not think so.
> > "Add EW Nav Links" is the permission that you want to test for.
> > But the "Unauthorized" exception is already raised when
> > the catalogued object is looked up.
>
> Forgive my inexperience, but how do you know this?
REQUEST['AUTHENTICATED_USER'].
has_permission('Add EW Nav Links',
REQUEST.resolve_url(BASE0+getpath(data_record_id_))))
raised the "Unauthorized" exception (according to your traceback).
In this expression, only "REQUEST.resolve_url(...)"
and maybe "getpath" (if your user can not access the catalog, but
that seems unlikely) can raise this exception.
"REQUEST" and its methods are public, "has_permission" is public,
"BASE0" is public (as part of "REQUEST").
> ....
> <dtml-call "REQUEST.set('YihawFolders', [])">
> <dtml-in expr="Catalog({'meta_type':'Yihaw Folder'})">
> <dtml-if "REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links',
> REQUEST.resolve_url(BASE0+getpath(data_record_id_)))">
> <dtml-call "YihawFolders.append(getpath(data_record_id_))">
> </dtml-if>
> </dtml-in>
As a workaround, you could wrap your "if" into a "dtml-try".
If you get an "Unauthorized" exception, it should surely not be
in your "YihawFolders" list.
Dieter