[Zope] dtml-in and skip_unauthorized not working?

Casey Duncan cduncan@kaivo.com
Thu, 09 Aug 2001 14:42:39 -0600 

Mike Renfro wrote:
> 
> I have a very similar problem to the one given by Jean Lagarde at
> http://lists.zope.org/pipermail/zope/2001-June/093739.html -- I have a
> number of Squishdot sites, and I'd like to automatically generate a
> list of Squishdot sites accessible to the current logged-in user.
> 
> Here's the dtml method (MyFora) I'm using:
> 
> <ul>
> <dtml-in findfora skip_unauthorized>
>   <dtml-let item=sequence-item>
>     <dtml-with item>
>       <li><a href="<dtml-var absolute_url>"><dtml-var title></a>
>     </dtml-with>
>   </dtml-let>
> </dtml-in>
> </ul>
> 
> and here's the Python script (findfora):
> 
> from string import split, join
> 
> published = {}
> meta_types = ('Squishdot Site',)
> root = None
> 
> #lets setup the root we will find all our resources from
> if context.REQUEST.VirtualRootPhysicalPath:
>   root = context.REQUEST.VirtualRootPhysicalPath
> else:
>   root = ('',)
> root = context.restrictedTraverse(root)
> 
> published=[]
> 
> for obj in context.ZopeFind(root, obj_metatypes=meta_types, search_sub=1):
>   id, obj = obj[0], obj[1]
>   published.append(obj)
> 
> return published
> 
> For every authenticated user, it returns a *full* list of Squishdot
> sites, not just the ones they're authorized to view. Clicking on one
> of the unauthorized links pops up a login dialog, but I don't even
> want the links to show up at all (which I thought skip_unauthorized
> would take care of).
> 
> As far as I can tell, neither method has any proxy roles
> attached. What detail did both Jean and I miss in our respective
> situations? Zope 2.3.2, by the way.
> 
> --
> Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
> 

Does anonymous by any chance have the "Access contents information"
permission on these objects (or any others)? I suspect it must if it can
display the titles.

-- 
| Casey Duncan
| Kaivo, Inc.
| cduncan@kaivo.com
`------------------>