[Zope] Show Viewable folders
Dieter Maurer
dieter@handshake.de
Fri, 3 Aug 2001 21:32:34 +0200 (CEST)
Montagne, Michael writes:
> I'm trying to display only the folders that a User has viewing rights to.
> ....
> <dtml-in expr="PARENTS[0].objectValues('Folder')">
> <dtml-if "AUTHENTICATED_USER.has_permission('View','<dtml-sequence-item>')">
> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a>
> <dtml-else>
> Nope<br>
> </dtml-if>
> </dtml-in>
>
>
> <dtml-in expr="PARENTS[0].objectValues('Folder')">
> <dtml-if expr="_.SecurityCheckPermission('View','<dtml-sequence-item>')">
> <li><a href="<dtml-var absolute_url>"><dtml-var title_or_id></a>
> <dtml-else>
> Nope<br>
> </dtml-if>
> </dtml-in>
You have not yet been reached by the information that you cannot
use "dtml-*" inside a Python expression?
Inside "...", you are in a Python expression context.
'<dtml-sequence-item>' is there the literal string
"<dtml-sequence-item>", no interpretation of "sequence-item"
as you seem to expect....
Use in similar situations something like:
<dtml-let folder=sequence-item>
... "... folder ..." ...
</dtml-let>
In your case, you can use:
<dtml-let folder=sequence-item>
<dtml-if expr="_.SecurityCheckPermission('View',folder)">
...
</dtml-if>
</dtml-let>
Unfortunately, this will not work for all permissions and
for all objects:
It will e.g. fail for 'View' and DTML objects
and for 'Access Contents Information' and folders.
I think this is a bug in Zope's security subsystem.
If you feel like me, please put it into the collector.
Dieter