[Zope] problem testing for a permission

Dieter Maurer dieter@handshake.de
Fri, 20 Apr 2001 21:05:50 +0200 (CEST)


Hi Jerome,

I am not sure whether it was you with whom I discussed a similar
problem?

  Some days ago, I saw a similar post:

       &dtml.url-login;

  raised an "Unauthorized" exception, when the user did not
  have "View" permission.

  I could reproduce a problem when the user did not have
  "Access Contents Information", but the "View" permission
  was not necessary.

Same for your problem (I am using ZopeCVS, about 10 days old):

  "has_permission" requires "Access Contents Information"
  for its object attribute (a bug in my view), but no
  'View' permission.

Jerome Alet writes:
 > ....
 > <dtml-if "AUTHENTICATED_USER.has_permission('View', mymethod)">
 >   ...
 > but if I access the pages as an anonymous user then I've got
 > an Unauthorized exception instead of not having the "Members only" link.

Either some strange effect with your Zope version or:

 * your "standard_html_xxx" is a DTML Document (! not method)

 * your user is defined in a subfolder "acl_user", i.e.
   above "mymethod"

then the additional check, that a user cannot reach material
outside the context of its user folder, may hit you.

It is only a very vague idea....


Dieter