[Zope] security audit
Erik Myllymaki
Erik Myllymaki <erik@pacific-shores.com>
Sat, 08 Dec 2001 12:30:00 -0800
I am trying to make a security DTML script so that when I am logged in as a
manager, I can see what Roles have 'Access contents information' and 'View'
permissions to the various directories and files that I am working on
instead of bringing up the security screen all the time.
The problem I have is with acquired permissions, they do not show up using
my method, so only if the Role is explicitly set on the object will this
work. Any suggestions to make this OK with acquired permissions?
<dtml-if "REQUEST.AUTHENTICATED_USER.has_role('Manager')">
<table border="1">
<tr><th align="left">Access</th><th align="left">View</th></tr>
<tr><td>
<dtml-in expr="rolesOfPermission('Access contents information')" mapping=1>
<dtml-if selected>
<dtml-var name><br>
</dtml-if>
</dtml-in>
</td>
<td>
<dtml-in expr="rolesOfPermission('View')" mapping=1>
<dtml-if selected>
<dtml-var name><br>
</dtml-if>
</dtml-if>
Thanks,
Erik Myllymaki
erik@pacific-shores.com