[Zope] dtml-in and skip_unauthorized not working?
Mike Renfro
renfro@tntech.edu
Thu, 9 Aug 2001 14:55:17 -0500
I have a very similar problem to the one given by Jean Lagarde at
http://lists.zope.org/pipermail/zope/2001-June/093739.html -- I have a
number of Squishdot sites, and I'd like to automatically generate a
list of Squishdot sites accessible to the current logged-in user.
Here's the dtml method (MyFora) I'm using:
<ul>
<dtml-in findfora skip_unauthorized>
<dtml-let item=sequence-item>
<dtml-with item>
<li><a href="<dtml-var absolute_url>"><dtml-var title></a>
</dtml-with>
</dtml-let>
</dtml-in>
</ul>
and here's the Python script (findfora):
from string import split, join
published = {}
meta_types = ('Squishdot Site',)
root = None
#lets setup the root we will find all our resources from
if context.REQUEST.VirtualRootPhysicalPath:
root = context.REQUEST.VirtualRootPhysicalPath
else:
root = ('',)
root = context.restrictedTraverse(root)
published=[]
for obj in context.ZopeFind(root, obj_metatypes=meta_types, search_sub=1):
id, obj = obj[0], obj[1]
published.append(obj)
return published
For every authenticated user, it returns a *full* list of Squishdot
sites, not just the ones they're authorized to view. Clicking on one
of the unauthorized links pops up a login dialog, but I don't even
want the links to show up at all (which I thought skip_unauthorized
would take care of).
As far as I can tell, neither method has any proxy roles
attached. What detail did both Jean and I miss in our respective
situations? Zope 2.3.2, by the way.
--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu